General

  • Target

    765f92169e508a2b9581942b54724803bde2e77d34d068a58dbaffa0671d5b46

  • Size

    120KB

  • Sample

    240530-3e3fvaea7t

  • MD5

    c81a27fcd6912e264dd79445ff555134

  • SHA1

    b143c5c3577d1b63999f327e76390f2989d57e30

  • SHA256

    765f92169e508a2b9581942b54724803bde2e77d34d068a58dbaffa0671d5b46

  • SHA512

    c88c19ba6851867215d81d14cdb1c92803e40ea57f0f9aa7b8bc7f5964fe0f1b2030a3f09370faf290f571f75423a7370b77dfc1b16f3658f38988cf8e900dc9

  • SSDEEP

    3072:qOMQejCwTqJAeuZGOm2AUv9tRxS8940ez7c:q1TLXzmpU5A8qv7

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      765f92169e508a2b9581942b54724803bde2e77d34d068a58dbaffa0671d5b46

    • Size

      120KB

    • MD5

      c81a27fcd6912e264dd79445ff555134

    • SHA1

      b143c5c3577d1b63999f327e76390f2989d57e30

    • SHA256

      765f92169e508a2b9581942b54724803bde2e77d34d068a58dbaffa0671d5b46

    • SHA512

      c88c19ba6851867215d81d14cdb1c92803e40ea57f0f9aa7b8bc7f5964fe0f1b2030a3f09370faf290f571f75423a7370b77dfc1b16f3658f38988cf8e900dc9

    • SSDEEP

      3072:qOMQejCwTqJAeuZGOm2AUv9tRxS8940ez7c:q1TLXzmpU5A8qv7

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks