General

  • Target

    a624f8ed2156c456f876ad2a26b18bb2f80b97ee55a9317244de6239cd591450

  • Size

    65KB

  • Sample

    240531-bvewyahh8w

  • MD5

    b4df081f6da01cc2ca38d0730a5e1bb6

  • SHA1

    3c8138766190d7a3132ea97b10b02d4525673108

  • SHA256

    a624f8ed2156c456f876ad2a26b18bb2f80b97ee55a9317244de6239cd591450

  • SHA512

    4c1e5d38ce50f42c402b5571c2e7fefdfb2ec0e65f9b97d8cf392a1f3ef06085f7443b45115149a1205e87d96b46f86841201cec76af551e4005cb0956a59168

  • SSDEEP

    1536:7ugB5Ui6NHzb/yu3qzywXf05oK/wCA96RLaPwd6WwdePAoR8:7/Ui8Hzj3eywXInk6RLnyev8
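Before detonating or pivoting on a copy of this file, confirm it is the sample the report describes. The following is an added example, not part of the sandbox report: it computes the four report digests in one chunked pass (so large files are not read four times) and returns which ones disagree with the values above. The SSDEEP value needs the separate ssdeep library (ssdeep.hash_from_file / ssdeep.compare) and is not covered here. Note that Sality is a polymorphic file infector, so these digests identify only this dropper; files it infects on a victim host will carry different hashes, and the behaviours and C2 further down are the better pivots.

```python
import hashlib
import io
from typing import BinaryIO, Dict, List

# Digests the sandbox reported for this sample (copied from the report above).
REPORTED: Dict[str, str] = {
    "md5": "b4df081f6da01cc2ca38d0730a5e1bb6",
    "sha1": "3c8138766190d7a3132ea97b10b02d4525673108",
    "sha256": "a624f8ed2156c456f876ad2a26b18bb2f80b97ee55a9317244de6239cd591450",
    "sha512": "4c1e5d38ce50f42c402b5571c2e7fefdfb2ec0e65f9b97d8cf392a1f3ef06085"
              "f7443b45115149a1205e87d96b46f86841201cec76af551e4005cb0956a59168",
}


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Compute every digest in REPORTED in a single chunked pass over the stream."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the self-test)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return digest_stream(f)


def verify(actual: Dict[str, str], expected: Dict[str, str] = REPORTED) -> List[str]:
    """Names of digests that differ from the report; an empty list means the file is this sample."""
    return [name for name, want in expected.items()
            if actual.get(name, "").lower() != want.lower()]


if __name__ == "__main__":
    import sys
    mismatched = verify(digest_file(sys.argv[1]))
    print("match" if not mismatched else "MISMATCH on " + ", ".join(mismatched))
```

Run it as python verify_sample.py <path-to-sample>; any non-empty mismatch list means you are holding a different file (a re-packed copy, a truncated download, or a file Sality has since infected), and the rest of this report should not be assumed to apply to it.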

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
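The C2 list above is the most useful hunting pivot in this report. The following is an added example, not part of the sandbox output: it runs the four extracted URLs against proxy log lines and distinguishes an exact URL hit from a hit on the host alone. The log layout (epoch, client IP, method, URL, status) and the log lines themselves are constructed for the example, not real traffic. Matching on the host rather than the full URL matters because a client that reaches the same host under a different path (for example the 89.119.67.154 address without /testo5/) is still talking to C2 infrastructure; treat the bare IP indicator as lower confidence than the three domains, since a hosting address can be reassigned.

```python
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# C2 URLs extracted by the sandbox (copied from the report above).
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
C2_HOST_PATHS = {(urlsplit(u).hostname, urlsplit(u).path) for u in C2_URLS}

# Constructed proxy log lines (not real traffic): epoch  client-ip  method  url  status
SAMPLE_LOG = """\
1717142400.101 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200
1717142401.220 10.0.0.5 GET http://89.119.67.154/testo5/ 404
1717142402.330 10.0.0.7 GET http://example.com/home.gif 200
1717142403.440 10.0.0.9 POST http://KUKUTRUSTNET888.INFO:80/home.gif 200
1717142404.550 10.0.0.9 GET http://89.119.67.154/other/ 200
"""


def classify(url: str) -> Optional[str]:
    """'exact-url' for a full C2 URL, 'host-only' for any other request to a C2 host, else None.

    urlsplit().hostname lower-cases the name and strips an explicit port, so mixed-case
    and :80 variants still match.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host not in C2_HOSTS:
        return None
    return "exact-url" if (host, parts.path) in C2_HOST_PATHS else "host-only"


def find_c2_hits(log_text: str) -> List[Dict[str, str]]:
    """Scan log lines and return one record per request that touches the C2 set."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than crash mid-hunt
        ts, client, method, url, status = fields[:5]
        kind = classify(url)
        if kind:
            hits.append({"time": ts, "client": client, "method": method,
                         "url": url, "status": status, "match": kind})
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} {hit['match']:10} {hit['url']}")
```

A 404 from the IP path (second constructed line) is still a hit: the client attempted the beacon, which is what matters for scoping. For a real hunt, feed find_c2_hits the proxy export after mapping its columns onto the five fields this parser expects.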

Targets


    • Modifies firewall policy service

    • Sality

      Sality is a backdoor and polymorphic file infector written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
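The last two signatures (drive enumeration plus a dropped autorun.inf) describe how this sample spreads to other volumes. The following is an added example, not part of the sandbox report: a small scanner that reads autorun.inf at a volume root, parses the [autorun] section by hand (the file is INI-like but keys such as shell\open\command are case-insensitive and may repeat, which stock INI parsers handle poorly), lists every key that can launch a program, and checks whether the referenced executable is actually present on the volume. The autorun.inf content, the RECYCLER path and the executable names are constructed for the example and are not taken from this sample; the drive-letter enumeration assumes the script is run with Python on Windows, and on other systems it simply returns no roots.

```python
import os
import shutil
import string
import tempfile
from typing import Dict, List, Tuple

# Keys in [autorun] that launch a program when the volume is mounted or double-clicked.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed autorun.inf for the self-test; not the sample's real file.
SAMPLE_AUTORUN = r"""
[AutoRun]
; constructed example
open=RECYCLER\S-1-5-21-0\xkqyhw.exe
shell\open\Command=RECYCLER\S-1-5-21-0\xkqyhw.exe
shell\explore\Command="RECYCLER\S-1-5-21-0\gone.exe" -e
icon=%SystemRoot%\system32\SHELL32.dll,4
"""


def parse_autorun(text: str) -> Dict[str, str]:
    """Key/value pairs from the [autorun] section; keys lower-cased, a repeated key keeps the last value."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """(key, path) for open=, shellexecute= and shell\\<verb>\\command= entries, arguments stripped."""
    targets = []
    for key, value in entries.items():
        if not value:
            continue
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            if value.startswith('"') and value.count('"') >= 2:
                path = value.split('"')[1]        # quoted path, keep it whole
            else:
                path = value.split()[0]           # unquoted: first token is the program
            targets.append((key, path))
    return targets


def scan_volume(root: str) -> List[dict]:
    """Report each launch target in <root>\\autorun.inf and whether the file it names exists on the volume."""
    inf_path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf_path):
        return []
    with open(inf_path, "r", errors="replace") as f:
        entries = parse_autorun(f.read())
    findings = []
    for key, rel in launch_targets(entries):
        # autorun paths are relative to the volume root and written with backslashes
        parts = rel.replace("\\", "/").lstrip("/").split("/")
        local = os.path.join(root, *parts)
        findings.append({"key": key, "target": rel, "present": os.path.isfile(local)})
    return findings


def windows_volume_roots() -> List[str]:
    """Every mounted drive letter (Windows only; empty elsewhere), the same set the malware walks."""
    return [f"{c}:\\" for c in string.ascii_uppercase if os.path.exists(f"{c}:\\")]


def demo() -> List[dict]:
    """Build a throw-away volume with the constructed autorun.inf and one dropped file, then scan it."""
    root = tempfile.mkdtemp(prefix="vol_")
    try:
        os.makedirs(os.path.join(root, "RECYCLER", "S-1-5-21-0"))
        with open(os.path.join(root, "autorun.inf"), "w") as f:
            f.write(SAMPLE_AUTORUN)
        with open(os.path.join(root, "RECYCLER", "S-1-5-21-0", "xkqyhw.exe"), "wb") as f:
            f.write(b"MZ")  # stub, not an executable
        return scan_volume(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    roots = windows_volume_roots() or []
    for r in roots:
        for finding in scan_volume(r):
            print(r, finding)
    if not roots:
        print(demo())
```

A launch target whose file is present is the usual sign of an infected removable drive; a target that is missing still means the volume was touched by something that writes autorun.inf, and the inf itself is worth preserving as evidence. Autorun for removable media is disabled by default on supported Windows versions, so the dropped file matters more for lateral spread to older or misconfigured hosts than to a patched fleet.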
