General

  • Target

    98c5054bd28b428953089d0024c1cc0b67576290f739d32064ced3efd2f925b7

  • Size

    2.4MB

  • Sample

    240301-x9rd6scb6x

  • MD5

    1265208535a17b0fd034101e446221a4

  • SHA1

    3d70ba59f4af6a56e0726e0683649c476634f2f3

  • SHA256

    98c5054bd28b428953089d0024c1cc0b67576290f739d32064ced3efd2f925b7

  • SHA512

    9f4eaad31960dc16ad96fce184f6dc2e567ee944259b71a835f63e28701428f364248926d7c1188373f085aed42ad3b4d565abbcb81b8f72837d18edc64dedc9

  • SSDEEP

    49152:s7PTF2VY3cJgk4lRsocD8mbaTI+LSsrDilurcPPiUJ7NrPTlcPUv20jvP5s8:s752G3n3socD8m+LjXilurcPPig7NrxF

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
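
The C2 list above is what a responder would turn into network indicators. The following is an added example, not part of the sandbox report: it splits the listed URLs into host and full-URL indicators and runs them over a few constructed proxy log lines (the log format, client addresses and timestamps are assumptions made for the demo). Hosts are matched exactly or as a subdomain of an indicator, so `cdn.kukutrustnet987.info` is flagged on host while `notkukutrustnet888.info` is not.

```python
"""Match the Sality C2 indicators from this report against proxy logs.

Added example; the log lines are constructed and the log format
("<timestamp> <client_ip> <method> <url> <status>") is an assumption.
"""
import re
from urllib.parse import urlparse

# C2 URLs exactly as listed in the report's Malware Config section.
SALITY_C2 = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed proxy log for the demo (not from the analysed sample).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.0.0.5 GET http://example.com/index.html 200
2024-03-01T10:00:02Z 10.0.0.7 GET http://KukuTrustNet777.info/home.gif 200
2024-03-01T10:00:03Z 10.0.0.7 GET http://89.119.67.154/testo5/ 404
2024-03-01T10:00:04Z 10.0.0.9 GET http://cdn.kukutrustnet987.info/other.gif 200
2024-03-01T10:00:05Z 10.0.0.9 GET http://notkukutrustnet888.info/home.gif 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def build_indicators(urls):
    """Split C2 URLs into a set of hosts and a set of (host, path) pairs."""
    hosts, full = set(), set()
    for u in urls:
        p = urlparse(u)
        hosts.add(p.hostname.lower())          # hostname is already lowercased
        full.add((p.hostname.lower(), p.path))
    return hosts, full


def host_matches(host, ioc_hosts):
    """Return the indicator host that `host` equals or is a subdomain of."""
    host = host.lower()
    for ioc in ioc_hosts:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def scan_log(text, urls=SALITY_C2):
    """Return one hit per log line whose URL host matches a C2 indicator.

    match == "url"  : host and path both match a listed C2 URL
    match == "host" : only the host (or a subdomain of it) matches
    """
    hosts, full = build_indicators(urls)
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                              # skip malformed lines
        ts, client, method, url, status = m.groups()
        p = urlparse(url)
        if not p.hostname:
            continue
        ioc = host_matches(p.hostname, hosts)
        if ioc is None:
            continue
        kind = "url" if (p.hostname.lower(), p.path) in full else "host"
        hits.append({"time": ts, "client": client, "url": url,
                     "indicator": ioc, "match": kind, "status": status})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} -> {hit['url']} "
              f"[{hit['match']} match on {hit['indicator']}]")
```

A 404 from the IP-based C2 still counts as a hit: the request itself is the beacon, so the check keys on the destination rather than on the response.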

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • detect oss ak

      oss ak information detected.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
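
The drive-enumeration and autorun.inf signatures above describe the removable-media spreading path. As an added example (not from the report or the analysed file), the code below parses autorun.inf content tolerantly, skipping junk lines rather than failing on them, pulls out every directive that launches a program (`open`, `shellexecute`, `shell\<verb>\command`), and checks whether the referenced file is actually present on the volume. The autorun.inf text, the volume listings and the dropped file name `RECYCLER\xjhyeg.exe` are all constructed for the demo.

```python
"""Find autorun.inf files that launch a program from a volume root.

Added example; all autorun.inf content and volume listings below are
constructed, and the dropped-file name is hypothetical.
"""
import re

# Constructed malicious autorun.inf: several launch directives plus a junk
# line of the kind some worms pad the file with.
SAMPLE_AUTORUN = """\
[autorun]
;constructed sample for the demo, not from the analysed file
open=RECYCLER\\xjhyeg.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
xK9@#junk-padding-line
shell\\open\\Command=RECYCLER\\xjhyeg.exe
shell\\explore\\command=RECYCLER\\xjhyeg.exe
shellexecute=RECYCLER\\xjhyeg.exe
UseAutoPlay=1
"""

# Constructed benign autorun.inf: cosmetic directives only.
BENIGN_AUTORUN = """\
[autorun]
icon=setup.ico
label=Driver CD
"""

# Constructed volume listings: root -> {relative path: content}.
VOLUMES = {
    "E:\\": {"autorun.inf": SAMPLE_AUTORUN,
             "RECYCLER\\xjhyeg.exe": b"MZ..."},
    "D:\\": {"Autorun.inf": BENIGN_AUTORUN, "setup.ico": b"\x00"},
}

EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.I)


def parse_autorun(text):
    """Tolerant INI parse: {section: {key_lower: value}}.

    Lines that are neither [section] nor key=value are skipped instead of
    raising, because padding lines are common in dropped autorun.inf files.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def autorun_exec_targets(text):
    """Return [(directive, target)] for directives that launch a program."""
    auto = parse_autorun(text).get("autorun", {})
    return [(k, v) for k, v in auto.items()
            if k in EXEC_KEYS or SHELL_CMD.match(k)]


def scan_volumes(volumes):
    """For each volume with an autorun.inf, report every launch directive
    and whether its target file exists on that volume."""
    findings = []
    for root, files in volumes.items():
        names = {n.lower(): n for n in files}       # case-insensitive lookup
        if "autorun.inf" not in names:
            continue
        for directive, target in autorun_exec_targets(files[names["autorun.inf"]]):
            findings.append({"volume": root, "directive": directive,
                             "target": target,
                             "target_present": target.lower() in names})
    return findings


if __name__ == "__main__":
    for f in scan_volumes(VOLUMES):
        print(f"{f['volume']} {f['directive']} -> {f['target']} "
              f"(present: {f['target_present']})")
```

Matching on `shell\<verb>\command` as well as `open` matters because a file whose only launch directive is under `shell\open\command` still executes when the user double-clicks the drive in Explorer.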
