General

  • Target

    9217ac111a9b78e2005cd7ddb562e9908bdf8d8cb96b8efb67e17ef73bee54df

  • Size

    100KB

  • Sample

    241104-chnhzs1ald

  • MD5

    85ea7e7d3bbd66c513234ab0d5666fe9

  • SHA1

    41d98597350b2900fd6d7c28e0b6f891a3056e4e

  • SHA256

    9217ac111a9b78e2005cd7ddb562e9908bdf8d8cb96b8efb67e17ef73bee54df

  • SHA512

    59825a523dbf8d54e1233fca718271578ba14b0d77a98d847106395ba71b59d023405d99a8daf78a51b6e7154dae3cdd843d71f4656abf7d35e0fa5313e8b35a

  • SSDEEP

    1536:aChWdJrJ7Qx8wJeTLSs6dFbFQkRXHneW4y9hpnU8LUPADl7/DvO:jQT+8wCL0FJ1XHneJChpRQw7Lm

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      9217ac111a9b78e2005cd7ddb562e9908bdf8d8cb96b8efb67e17ef73bee54df

    • Size

      100KB

    • MD5

      85ea7e7d3bbd66c513234ab0d5666fe9

    • SHA1

      41d98597350b2900fd6d7c28e0b6f891a3056e4e

    • SHA256

      9217ac111a9b78e2005cd7ddb562e9908bdf8d8cb96b8efb67e17ef73bee54df

    • SHA512

      59825a523dbf8d54e1233fca718271578ba14b0d77a98d847106395ba71b59d023405d99a8daf78a51b6e7154dae3cdd843d71f4656abf7d35e0fa5313e8b35a

    • SSDEEP

      1536:aChWdJrJ7Qx8wJeTLSs6dFbFQkRXHneW4y9hpnU8LUPADl7/DvO:jQT+8wCL0FJ1XHneJChpRQw7Lm

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks