General

  • Target

    ac287ce5d3b1ab3e0a5849cea18c94b18405b7e4fbca8ab54bfc7f0fdf5d41edN

  • Size

    120KB

  • Sample

    241107-d58m4svcnd

  • MD5

    2b81d539bf2999905b2f078159b60b50

  • SHA1

    c75a7f4976b566bae810b8e0242ccf3a5fbb1e71

  • SHA256

    ac287ce5d3b1ab3e0a5849cea18c94b18405b7e4fbca8ab54bfc7f0fdf5d41ed

  • SHA512

    fd02617215ab2a87714cfe3741f3e97caac4e2159534f70653d6fdfcb3e60781e54fe158d29aa2f3de9208f4e75dd2588d73e638f97e3bd73b7d7963b250ed85

  • SSDEEP

    3072:vKu8S8NeoQqnCZtQ21syk4SjOdRkLmF7DVyiEy:vKumQqb2iaSjMmyF7DVyit

Malware Config

Extracted

  • Family

    sality

  • C2

    http://89.119.67.154/testo5/

    http://kukutrustnet777.info/home.gif

    http://kukutrustnet888.info/home.gif

    http://kukutrustnet987.info/home.gif

Targets

    • Target

      ac287ce5d3b1ab3e0a5849cea18c94b18405b7e4fbca8ab54bfc7f0fdf5d41edN

    • Size

      120KB

    • MD5

      2b81d539bf2999905b2f078159b60b50

    • SHA1

      c75a7f4976b566bae810b8e0242ccf3a5fbb1e71

    • SHA256

      ac287ce5d3b1ab3e0a5849cea18c94b18405b7e4fbca8ab54bfc7f0fdf5d41ed

    • SHA512

      fd02617215ab2a87714cfe3741f3e97caac4e2159534f70653d6fdfcb3e60781e54fe158d29aa2f3de9208f4e75dd2588d73e638f97e3bd73b7d7963b250ed85

    • SSDEEP

      3072:vKu8S8NeoQqnCZtQ21syk4SjOdRkLmF7DVyiEy:vKumQqb2iaSjMmyF7DVyit

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks