General

  • Target

    014d9bb8a848c04a7cc16030942042f5c6e7d7c312ee939b5f3a0fb9273b3a9a

  • Size

    798KB

  • Sample

    241015-1dq1bayare

  • MD5

    9bc31e0832cc9203159b50c80c442604

  • SHA1

    f34f0d31f4906fdd903532c4cc790ed9acec868a

  • SHA256

    014d9bb8a848c04a7cc16030942042f5c6e7d7c312ee939b5f3a0fb9273b3a9a

  • SHA512

    078b0a94e38a4d44c1a30c1dc240383b698b1541149efa36b3bdfac5e9c20b7f11f3115cb9ca26147438d7b25a308384f4d8b103ad2ee14a75da7466d0219339

  • SSDEEP

    12288:oWuD+tBznOVqoNq+Otn78KKufxls5P0mn5Od1Dz5Od1Dt1w4goDbzGo:oWuDqNY/Ot72yzyta4gojR

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
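
An IOC sweep over proxy logs using the four C2 URLs above, added here as a worked example; it is not part of the sandbox report. The Squid native-format field order and the log lines themselves are constructed for illustration (hosts and client addresses are invented), and a host-only match is reported separately from an exact URL match because a beacon to a different path on the same C2 domain still indicates contact with the infrastructure.

```python
"""IOC sweep for the Sality C2 list above. Added example, not part of the
sandbox report; the proxy log lines are constructed, not real traffic."""
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted config.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def normalize(url):
    """(host, path) with the host lower-cased; paths stay case-sensitive."""
    parts = urlsplit(url)
    return ((parts.hostname or "").lower(), parts.path or "/")


def request_host(url_field):
    """Host of a proxy-log URL field. CONNECT lines carry 'host:port' with no scheme."""
    if "://" in url_field:
        return normalize(url_field)[0]
    return url_field.rsplit(":", 1)[0].lower()


def match_log(log_text, c2_urls=C2_URLS):
    """Return one hit per Squid native-format access-log line that touches the C2 set.

    Field order assumed (constructed layout): time elapsed client code/status
    bytes method url ident hierarchy type. Exact URL matches are reported
    separately from host-only matches (same domain, different path).
    """
    exact = {normalize(u) for u in c2_urls}
    hosts = {h for h, _ in exact}
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip malformed or short lines instead of aborting the sweep
        client, status, method, url = fields[2], fields[3], fields[5], fields[6]
        if "://" in url and normalize(url) in exact:
            reason = "exact C2 URL"
        elif request_host(url) in hosts:
            reason = "C2 host"
        else:
            continue
        hits.append({"client": client, "status": status, "method": method,
                     "url": url, "reason": reason})
    return hits


# Constructed Squid-style log lines; hosts and clients are illustrative.
SAMPLE_LOG = """\
1728950400.123    45 10.0.0.12 TCP_MISS/200 612 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.5 image/gif
1728950401.456    12 10.0.0.12 TCP_MISS/200 8834 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1728950402.789    30 10.0.0.17 TCP_MISS/404 310 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1728950403.001    20 10.0.0.17 TCP_MISS/200 1024 GET http://KukuTrustNet987.INFO/other.php - HIER_DIRECT/203.0.113.9 text/html
1728950404.321    11 10.0.0.23 TCP_MISS/200 1500 CONNECT kukutrustnet888.info:443 - HIER_DIRECT/203.0.113.7 -
"""

if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG):
        print(f"{hit['client']:<12} {hit['reason']:<13} {hit['method']} {hit['url']} ({hit['status']})")
```

Note that the 404 on the `/testo5/` request is still a hit: the sweep keys on the attempt, not on whether the C2 answered, since a dead or sinkholed C2 still identifies an infected client. The CONNECT line is matched on host alone because a TLS tunnel exposes no path to the proxy.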

Targets

    • Target

      014d9bb8a848c04a7cc16030942042f5c6e7d7c312ee939b5f3a0fb9273b3a9a

    • Size

      798KB

    • MD5

      9bc31e0832cc9203159b50c80c442604

    • SHA1

      f34f0d31f4906fdd903532c4cc790ed9acec868a

    • SHA256

      014d9bb8a848c04a7cc16030942042f5c6e7d7c312ee939b5f3a0fb9273b3a9a

    • SHA512

      078b0a94e38a4d44c1a30c1dc240383b698b1541149efa36b3bdfac5e9c20b7f11f3115cb9ca26147438d7b25a308384f4d8b103ad2ee14a75da7466d0219339

    • SSDEEP

      12288:oWuD+tBznOVqoNq+Otn78KKufxls5P0mn5Od1Dz5Od1Dt1w4goDbzGo:oWuDqNY/Ot72yzyta4gojR

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of it.
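
How a UPX-packed-file check of the kind the signature above describes can be implemented, as an added example that is not the sandbox's own detection logic. It parses the PE section table directly and combines three indicators: the stock `UPX0`/`UPX1` section names, an executable section with zero bytes on disk but a large virtual size (the region the stub unpacks into, which survives renaming), and the `UPX!` pack-header magic. The PE images are constructed in memory by `build_pe` (headers only, no real sample), so the example runs offline; the `build_pe` helper and its section layouts are assumptions for the demonstration.

```python
"""UPX-packing check for a PE file, as an added example (not part of the
sandbox report or its signature engine). The PE images are constructed in
memory, so this runs without the sample."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def pe_sections(data):
    """Parse the section table: list of (name, virtual_size, raw_size, characteristics)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section headers follow the optional header
    out = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        out.append((name, vsize, rsize, chars))
    return out


def upx_indicators(data):
    """Reasons the file looks UPX-packed; an empty list means no indicator fired."""
    reasons = []
    sections = pe_sections(data)
    named = sorted(n.decode() for n, *_ in sections if n in UPX_SECTION_NAMES)
    if named:
        reasons.append("UPX section names: " + ", ".join(named))
    # UPX0 is where the stub unpacks the original image: executable, large
    # virtual size, zero bytes on disk. This survives renaming of sections.
    for name, vsize, rsize, chars in sections:
        if rsize == 0 and vsize > 0 and chars & IMAGE_SCN_MEM_EXECUTE:
            reasons.append(f"executable section {name.decode(errors='replace')!r} "
                           f"has no raw data but virtual size {vsize:#x}")
    # Stock UPX leaves its 'UPX!' pack-header magic in the file; modified
    # builds usually strip it, so its absence proves nothing.
    if b"UPX!" in data:
        reasons.append("'UPX!' pack header magic present")
    return reasons


def build_pe(sections, trailer=b""):
    """Minimal PE32 image (headers only) for testing; constructed, not a real sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)  # PE32 magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    table = b"".join(
        name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, 0x1000, rsize, 0x400, 0, 0, 0, 0, chars)
        for name, vsize, rsize, chars in sections)
    return dos + b"PE\0\0" + coff + opt + table + trailer


# Three constructed cases: stock UPX, a clean image, and UPX with renamed sections and stripped magic.
STOCK_UPX = build_pe([(b"UPX0", 0x20000, 0, 0xE0000080), (b"UPX1", 0x8000, 0x7800, 0xE0000040),
                      (b".rsrc", 0x1000, 0x800, 0xC0000040)], trailer=b"UPX!")
CLEAN = build_pe([(b".text", 0x3000, 0x3000, 0x60000020), (b".data", 0x800, 0x400, 0xC0000040),
                  (b".bss", 0x2000, 0, 0xC0000080)])
MODIFIED_UPX = build_pe([(b".text", 0x20000, 0, 0xE0000080), (b".data", 0x8000, 0x7800, 0xE0000040)])

if __name__ == "__main__":
    for label, image in (("stock UPX", STOCK_UPX), ("clean", CLEAN), ("modified UPX", MODIFIED_UPX)):
        print(label, "->", upx_indicators(image) or "no indicator")
```

The clean image's `.bss` has zero raw data too, but it is not executable, so it does not fire; the modified-UPX case keeps only the structural indicator, which is why a name-only or magic-only check under-detects repacked samples. Treat a single indicator as a lead to confirm by unpacking, not as a verdict.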

MITRE ATT&CK Enterprise v15

Tasks