General

  • Target

    3ad879c2b2800ab4bbea43589d2673efbde2f870b2273509eab9eaf040c9728aN

  • Size

    120KB

  • Sample

    241107-d41wwatnax

  • MD5

    817e9dacb5b8773238380f76e4348180

  • SHA1

    bb8a2ebe6d1b0f3b4eea17fc3f7aee6705af727d

  • SHA256

    3ad879c2b2800ab4bbea43589d2673efbde2f870b2273509eab9eaf040c9728a

  • SHA512

    edde71ba00211057e7a614e3fe8a24aef8bd3e185306329dff1015b491c8ecda5d25a18802e36449a491df516c2f08524f246d8837864b5140abd5e6c8479c35

  • SSDEEP

    1536:xZoPPJtIPlmNZ2VfcLBMHRRbnoBaZEoaUQH4oZ3x3Ej5A0m7Mb3fVT1B:GhttNZ2CLa/bnoQioaUP+44Wt1B

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks