General

  • Target

    6820018b96828ea11d46717babce7866107d6a9f8696d2ea30e4cc24b7738083

  • Size

    1.8MB

  • Sample

    240529-2hp49adc69

  • MD5

    2cb81b12de4a87139a4c19468341780c

  • SHA1

    22897ebc0a9dfc67cb6bb985253e73338f844192

  • SHA256

    6820018b96828ea11d46717babce7866107d6a9f8696d2ea30e4cc24b7738083

  • SHA512

    c1c586019e8e1e4ecb41991e34284881e5113903f0209259c271b62e894e708660a715b8787ab6659213f2fba4b0fbc13cdf866e529c7c938bc2c86586059b7d

  • SSDEEP

    49152:ujZxx4CnLdGOTalVz9vKxRwblCvQ3g7c39j5JMX/ECZViEJkT:SDmPNB8I3g7cNjnMPXZVET

Malware Config

Extracted

  • Family

    sality

C2


Targets

    • Modifies firewall policy service

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with Sality Polymorphic Code Generator, Simple Poly Engine, or Sality

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled
