General

  • Target: 28b8b178db598c08f43a005d38a83b87b7d579eea5ace52961e1904d90344bdd

  • Size: 1.2MB

  • Sample: 241104-zks8ksxaqd

  • MD5: 7d8d87a3c5cd0900bcb95a209ef1dc04

  • SHA1: 3cc8fd39291f65b5bb3e2ffd66ab7d93aa10a98d

  • SHA256: 28b8b178db598c08f43a005d38a83b87b7d579eea5ace52961e1904d90344bdd

  • SHA512: 18591ee908d8e9b5e3bcccdbc9a320d5b951c7a0631aa8adec1f1c3e5e519ce15734a989566a406e2dd8a43684bea64b8182010d07e4be63d4b3e7bd3e462d38

  • SSDEEP: 24576:eSF0ZVEDQ875Iruk5KC7isqqKDziTrYWvFQEQbfC:euc875IkrsqqHT0WvFQEO6

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Windows security modification

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks