General

  • Target

    e1b4fe277fdc38fa30041eab9e74ca42196f9cb997a966c32646948628dd4a03N

  • Size

    120KB

  • Sample

    241104-zkfmgsxdqr

  • MD5

    5c921e0bd296dbaa917faa129f062c00

  • SHA1

    9616a52a16fd00861f81a91925274c798b7bbfa6

  • SHA256

    e1b4fe277fdc38fa30041eab9e74ca42196f9cb997a966c32646948628dd4a03

  • SHA512

    f4bc5c703c2d9a6d8e5089c5586b462b6bf6ab13b78959b27936b62cd7fecc0d0a43faa24df400d9f03dc35fef2537a25c71b753b3a0cfa6786b404843a01bc9

  • SSDEEP

    1536:1B7Nyq/qJ1H0vmOA/w6dDyPPAhm3lQNzUw+5rG9mNxA5XMKt9VfEEBKNftl:1R8qqJ1km7ogDYWzUwAvmMKNL2j

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks