General

  • Target

    bfc4b3380e1d01f901c3db12da808c353b93a79ffde5cc291adfd70954d2c9a0N

  • Size

    120KB

  • Sample

    241104-f5plcavdjd

  • MD5

    0ef28502bec413eaa056d505e6bac6a0

  • SHA1

    93b9474f0a123d28abc7ee0f5f24734dfebf1030

  • SHA256

    bfc4b3380e1d01f901c3db12da808c353b93a79ffde5cc291adfd70954d2c9a0

  • SHA512

    d6d66c0c51124c26e9d1517e3edb3956a8bb9d29fbc7c792c36214f374e7d2c6d1bec1361293ded28bc49f812410a95956516676216876f9c581ca5b4241b805

  • SSDEEP

    1536:luJAgAU/Qkz5kD4gSM/mOQbQ2dI2zrR5jsrV6TxYZWyBkBA5P+KWIKhyoeNrtaDj:kGbwo4gSrN5js5+YZWyMA5tosa

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
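
The four C2 URLs above are the actionable indicators in this report. The following is an added example (not part of the report or of the sandbox's own tooling) that reduces them to hostnames and matches them against proxy log lines. The log format (`timestamp client method url status`) and the log lines themselves are constructed for illustration; the C2 URLs are the ones extracted above.

```python
"""Match the Sality C2 indicators from this report against proxy log lines.

Added example, not code from the original report.  Matching is done on the
hostname or IP, not on the full URL: the paths (/testo5/, /home.gif) are
easy to rotate, and a request to a listed domain, or any subdomain of it, is
suspicious regardless of path.
"""
import ipaddress
from urllib.parse import urlsplit

# C2 URLs exactly as extracted in the Malware Config section of the report.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed proxy log (assumed format: timestamp client method url status).
SAMPLE_LOG = """\
2024-11-04T10:12:01Z 10.0.0.17 GET http://www.example.com/index.html 200
2024-11-04T10:12:05Z 10.0.0.17 GET http://kukutrustnet777.info/home.gif 200
2024-11-04T10:12:06Z 10.0.0.17 GET http://89.119.67.154/testo5/ 404
2024-11-04T10:12:09Z 10.0.0.23 GET http://KUKUTRUSTNET888.INFO/home.gif 200
2024-11-04T10:13:44Z 10.0.0.23 GET http://cdn.kukutrustnet987.info/x.gif 200
2024-11-04T10:14:00Z 10.0.0.31 CONNECT https://mail.example.org:443/ 200
"""


def ioc_hosts(urls):
    """Reduce C2 URLs to the set of lower-cased hostnames / IPs to match on."""
    hosts = set()
    for u in urls:
        host = urlsplit(u).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def is_ip(host):
    """True if the indicator is a literal IP address (no subdomain matching)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def match_line(line, hosts):
    """Return (indicator, url) if the request targets a C2 host, else None."""
    parts = line.split()
    if len(parts) < 4:
        return None
    url = parts[3]
    host = urlsplit(url).hostname
    if not host:
        return None
    host = host.lower()
    if host in hosts:
        return host, url
    # Subdomain of a listed domain; IP indicators get exact matches only.
    for h in hosts:
        if not is_ip(h) and host.endswith("." + h):
            return h, url
    return None


def scan_log(text, urls=SALITY_C2_URLS):
    """Return (client, indicator, url) for every log line that hits a C2 host."""
    hosts = ioc_hosts(urls)
    hits = []
    for line in text.splitlines():
        m = match_line(line, hosts)
        if m:
            hits.append((line.split()[1], m[0], m[1]))
    return hits


if __name__ == "__main__":
    for client, indicator, url in scan_log(SAMPLE_LOG):
        print(f"{client} -> {indicator} ({url})")
```

Hostname matching is case-insensitive and covers subdomains of the listed domains, so a rotated path or a new host under `kukutrustnet987.info` still triggers; the IP indicator is matched exactly.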

Targets

    • Target

      bfc4b3380e1d01f901c3db12da808c353b93a79ffde5cc291adfd70954d2c9a0N

    • Size

      120KB

    • MD5

      0ef28502bec413eaa056d505e6bac6a0

    • SHA1

      93b9474f0a123d28abc7ee0f5f24734dfebf1030

    • SHA256

      bfc4b3380e1d01f901c3db12da808c353b93a79ffde5cc291adfd70954d2c9a0

    • SHA512

      d6d66c0c51124c26e9d1517e3edb3956a8bb9d29fbc7c792c36214f374e7d2c6d1bec1361293ded28bc49f812410a95956516676216876f9c581ca5b4241b805

    • SSDEEP

      1536:luJAgAU/Qkz5kD4gSM/mOQbQ2dI2zrR5jsrV6TxYZWyBkBA5P+KWIKhyoeNrtaDj:kGbwo4gSrN5js5+YZWyMA5tosa

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
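
The "Modifies firewall policy service", "UAC bypass" and "Windows security modification" signatures above are registry-level changes. The following is an added example (not part of the report) of detection logic for those changes run over Sysmon-style registry value-set events (Event ID 13). Which registry values the signatures correspond to is my assumption: the well-known `EnableLUA` policy value, the `SharedAccess` firewall service and its per-profile `EnableFirewall` values, and the Security Center `*DisableNotify` values. The event lines and the `key=value|...` format are constructed; real Sysmon events would come from the EVTX or a SIEM export. Reads such as "Checks whether UAC is enabled" do not produce value-set events and are out of scope here.

```python
"""Detect UAC / firewall / Security Center tampering in registry value-set events.

Added example, not code from the original report.  The rules below encode my
assumptions about which values the report's signatures refer to; the sample
events are constructed, in a simple key=value|key=value format standing in for
Sysmon Event ID 13 (RegistryEvent: value set).
"""
import re

# (rule name, regex on TargetObject, predicate on the decoded DWORD value)
RULES = [
    ("uac_disabled",
     re.compile(r"\\Policies\\System\\EnableLUA$", re.I),
     lambda v: v == 0),
    ("firewall_profile_disabled",
     re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\(Domain|Standard|Public)Profile\\EnableFirewall$", re.I),
     lambda v: v == 0),
    ("firewall_service_disabled",          # Start=4 means SERVICE_DISABLED
     re.compile(r"\\Services\\SharedAccess\\Start$", re.I),
     lambda v: v == 4),
    ("security_center_notify_off",
     re.compile(r"\\Security Center\\(AntiVirus|Firewall|Updates)DisableNotify$", re.I),
     lambda v: v == 1),
]

# Sysmon renders DWORD values as "DWORD (0x00000000)".
DWORD_RE = re.compile(r"DWORD \((0x[0-9A-Fa-f]+)\)")

# Constructed events; the dropped executable path is a placeholder.
SAMPLE_EVENTS = r"""
EventID=13|Image=C:\Windows\explorer.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000001)
EventID=13|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA|Details=DWORD (0x00000000)
EventID=13|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall|Details=DWORD (0x00000000)
EventID=13|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Start|Details=DWORD (0x00000004)
EventID=13|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify|Details=DWORD (0x00000001)
EventID=13|Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA|Details=DWORD (0x00000001)
EventID=12|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
"""


def parse_event(line):
    """Split 'k=v|k=v' into a dict (constructed format)."""
    fields = {}
    for part in line.strip().split("|"):
        k, _, v = part.partition("=")
        fields[k.strip()] = v.strip()
    return fields


def dword_value(details):
    """Decode the DWORD from a Sysmon Details string, or None if not a DWORD."""
    m = DWORD_RE.search(details)
    return int(m.group(1), 16) if m else None


def evaluate(event):
    """Return (rule, image, target) for each rule this single event matches."""
    if event.get("EventID") != "13":
        return []
    target = event.get("TargetObject", "")
    value = dword_value(event.get("Details", ""))
    if value is None:
        return []
    return [(name, event.get("Image", "?"), target)
            for name, pat, pred in RULES if pat.search(target) and pred(value)]


def scan(lines):
    """Evaluate every non-empty event line and collect the hits in order."""
    hits = []
    for line in lines:
        if line.strip():
            hits.extend(evaluate(parse_event(line)))
    return hits


if __name__ == "__main__":
    for rule, image, target in scan(SAMPLE_EVENTS.splitlines()):
        print(f"{rule}: {image} -> {target}")
```

Setting `EnableLUA` back to 1 (the svchost line) and the Event ID 12 key-create event are deliberately not flagged: the rules fire on the value written, not on the key being touched, which keeps legitimate policy refreshes out of the alert stream.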

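The "UPX packed file" signature above is a static check. The following is an added example (not part of the report or of the sandbox's detection rules) of the two checks a triage script would make: the standard `UPX0`/`UPX1`/`UPX2` section names in the PE section table, and the `UPX!` pack-header marker that stock UPX leaves in the image. The two PE images it tests against are constructed minimal headers with no code; the report's sample is not included, and which of these checks its packer would survive is not stated on the page (the signature text says "UPX/modified UPX", and a modified packer may rename sections, strip the marker, or both).

```python
"""Static UPX indicators from a PE header.

Added example, not code from the original report.  pe_section_names() is a
minimal section-table parser written here for the example; build_pe() makes
constructed header-only images for testing and does not produce a runnable
executable.
"""
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}   # stock UPX section names


class PEFormatError(ValueError):
    """Raised when the input is not a parseable PE image."""


def pe_section_names(data):
    """Return the section names of a PE image, validating the headers it walks."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PEFormatError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need signature (4) + IMAGE_FILE_HEADER (20) to be inside the buffer.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEFormatError("bad e_lfanew or missing PE signature")
    _machine, nsec, _ts, _symtab, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    sect_off = e_lfanew + 4 + 20 + opt_size
    names = []
    for i in range(nsec):
        off = sect_off + i * 40            # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise PEFormatError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data):
    """Return the UPX indicators found: section names and/or the UPX! marker."""
    found = []
    if any(n in UPX_SECTION_NAMES for n in pe_section_names(data)):
        found.append("upx_section_names")
    if b"UPX!" in data:
        found.append("upx_marker")
    return found


def build_pe(section_names, machine=0x14C):
    """Constructed header-only PE32 image with the given section names."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * (0x40 - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    opt_size = 0xE0                        # PE32 optional header size
    file_hdr = struct.pack("<HHIIIHH", machine, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
        for name in section_names)
    return bytes(dos) + b"PE\0\0" + file_hdr + opt + sections


if __name__ == "__main__":
    packed = build_pe([b"UPX0", b"UPX1", b".rsrc"]) + b"UPX!"
    plain = build_pe([b".text", b".data", b".rsrc"])
    print("packed:", upx_indicators(packed))
    print("plain: ", upx_indicators(plain))
```

Both checks are cheap and both are easy for a modified packer to defeat, which is why the signature text hedges with "modified UPX"; treat a hit as a reason to unpack and look further, and treat no hit as no information.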
MITRE ATT&CK Enterprise v15

Tasks