General

  • Target

    47d6e81be0aaa13b3a21d6f6e3a1cc2846769150b740f8c75a5ba8fa2f1e1f68

  • Size

    732KB

  • Sample

    241104-13r9nsyfkp

  • MD5

    eb2c564133c95f3c6437613328d105f9

  • SHA1

    bd90de06f4800615d65343db83fd28b9303ba693

  • SHA256

    47d6e81be0aaa13b3a21d6f6e3a1cc2846769150b740f8c75a5ba8fa2f1e1f68

  • SHA512

    327a0ed55bcec6e002a4136a4dc5e62391814ce4fce6124847264d60f40d7d57c07e8b7ecd628d105eec5a99b018bd45a17e2af8c3911561ed7804f63bb08960

  • SSDEEP

    12288:PTyjXW+48qWywrU4kGFezOAVuJ5PIYvww7F5DO3HYffVDLKDM:bIXW/8yw1ez54lI0F5SXYHNeDM

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      47d6e81be0aaa13b3a21d6f6e3a1cc2846769150b740f8c75a5ba8fa2f1e1f68

    • Size

      732KB

    • MD5

      eb2c564133c95f3c6437613328d105f9

    • SHA1

      bd90de06f4800615d65343db83fd28b9303ba693

    • SHA256

      47d6e81be0aaa13b3a21d6f6e3a1cc2846769150b740f8c75a5ba8fa2f1e1f68

    • SHA512

      327a0ed55bcec6e002a4136a4dc5e62391814ce4fce6124847264d60f40d7d57c07e8b7ecd628d105eec5a99b018bd45a17e2af8c3911561ed7804f63bb08960

    • SSDEEP

      12288:PTyjXW+48qWywrU4kGFezOAVuJ5PIYvww7F5DO3HYffVDLKDM:bIXW/8yw1ez54lI0F5SXYHNeDM

    • Modifies firewall policy service

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks