General

  • Target

    22204ae218b80ffd3971864c0264807bed0704485695ffd00832e593fb73117eN

  • Size

    120KB

  • Sample

    241107-ev9m4awbpp

  • MD5

    867dfa4e0a3ae2ee075e6fe2c0d2dfb0

  • SHA1

    eb5a96db57e6573bf0d8e3f4ea16497a7c1968f3

  • SHA256

    22204ae218b80ffd3971864c0264807bed0704485695ffd00832e593fb73117e

  • SHA512

    42b57335372ff9acef5420c499a972d1716e48cc37fde0f005e19ec384ee982fdb8bb055840922b5f6ae1d79105ff6a839a74ddbab02fedd502b5c577b729d95

  • SSDEEP

    3072:EULqrS26yqT6mSRC0MYn8DYj7fkaunHQNlVk:EOFF70/DpunHQz2

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
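
The C2 URLs above are the ones the sandbox extracted from this sample's configuration. What a responder wants next is to turn them into exact-host matches over web proxy logs and to confirm that a file found on disk really is this sample before trusting the report's configuration for it. The script below is an added example, not part of the report or the sandbox, and the proxy log lines (assumed format: client, method, URL, status) are constructed for the example.

```python
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs from the extracted Sality config in the report above.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# File hashes from the report's General section.
SAMPLE_HASHES = {
    "md5": "867dfa4e0a3ae2ee075e6fe2c0d2dfb0",
    "sha1": "eb5a96db57e6573bf0d8e3f4ea16497a7c1968f3",
    "sha256": "22204ae218b80ffd3971864c0264807bed0704485695ffd00832e593fb73117e",
}

# Constructed proxy log lines for the example (client, method, URL, status); not from the report.
SAMPLE_LOG = """\
10.0.0.12 GET http://www.example.com/index.html 200
10.0.0.12 GET http://kukutrustnet777.info/home.gif 404
10.0.0.31 GET http://89.119.67.154/testo5/ 200
10.0.0.31 GET http://KUKUTRUSTNET888.INFO/home.gif 200
10.0.0.40 GET http://kukutrustnet777.info.evil.test/x 200
"""

URL_RE = re.compile(r"https?://\S+")


def c2_hosts(urls):
    """Return the set of lowercase hostnames/IPs from the C2 URL list."""
    return {urlparse(u).hostname for u in urls}


def find_c2_hits(log_text, urls=C2_URLS):
    """Return (line_number, client, host) for each log line whose URL host is a C2 host.

    Matching is on the exact host (urlparse lowercases it), so a lookalike such as
    kukutrustnet777.info.evil.test is not reported as a hit, and a 404 still counts:
    the beacon attempt matters, not whether the server answered.
    """
    hosts = c2_hosts(urls)
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = URL_RE.search(line)
        if not m:
            continue
        host = urlparse(m.group(0)).hostname
        if host in hosts:
            client = line.split()[0]
            hits.append((n, client, host))
    return hits


def hash_matches(data, known=SAMPLE_HASHES):
    """Return the hash algorithms for which the bytes match the report's sample hashes.

    All three are checked so that a single collision (MD5 is weak) cannot produce
    a false confirmation on its own; an empty list means this is not the sample.
    """
    return [algo for algo, expected in known.items()
            if hashlib.new(algo, data).hexdigest() == expected]


if __name__ == "__main__":
    for n, client, host in find_c2_hits(SAMPLE_LOG):
        print(f"line {n}: {client} contacted Sality C2 {host}")
```

Block the hosts, not only the full URLs: the `home.gif` path is just the sample's current configuration and can change, while the domain set is the stable indicator in this report.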

Targets

    • Target

      22204ae218b80ffd3971864c0264807bed0704485695ffd00832e593fb73117eN

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003. It is also a polymorphic file infector, so other executables on an infected host should be treated as potentially infected rather than only the dropped files.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
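
The "UPX packed file" signature above is a static check on the PE image. The script below is an added example, not code from the report or the sandbox, showing what such a check looks like: it parses the PE section table and reports three indicators, the `UPX0`/`UPX1` section names, a first section with zero raw data but a non-zero virtual size (the region the stub unpacks into), and the `UPX!` marker string. Modified UPX builds commonly rename the sections and strip the marker, which is why the weaker size-based indicator is kept. The `build_pe` helper constructs minimal test images for the example and is not a real sample.

```python
import struct

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")


def pe_sections(data):
    """Parse a PE image's section table into (name, VirtualSize, SizeOfRawData) tuples."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]          # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]     # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                                # section table follows the optional header
    sections = []
    for i in range(nsec):
        off = table + i * SECTION_HDR.size
        if off + SECTION_HDR.size > len(data):
            raise ValueError("truncated section table")
        name, vsize, _va, rawsize, *_ = SECTION_HDR.unpack_from(data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize))
    return sections


def upx_indicators(data):
    """Return the list of UPX packing indicators found; an empty list means none were seen."""
    sections = pe_sections(data)
    reasons = []
    names = [s[0] for s in sections]
    if any(n.upper().startswith("UPX") for n in names):
        reasons.append("UPX section names: " + ", ".join(names))
    # UPX0 has SizeOfRawData == 0 and a large VirtualSize: the stub unpacks into it at run time.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        reasons.append("first section has no raw data but a non-zero virtual size")
    if b"UPX!" in data:
        reasons.append("'UPX!' packer marker present")
    return reasons


def build_pe(sections, trailer=b""):
    """Build a minimal PE32 image with the given (name, VirtualSize, SizeOfRawData) sections.

    Constructed test input for this example only; it is not loadable and not a real sample.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # e_lfanew at offset 0x3C
    opt_size = 0xE0                                                   # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)           # PE32 magic, rest zeroed
    table = b"".join(
        SECTION_HDR.pack(n.encode("ascii").ljust(8, b"\0"), v, 0, r, 0, 0, 0, 0, 0, 0)
        for n, v, r in sections
    )
    return dos + b"PE\0\0" + coff + opt + table + trailer


if __name__ == "__main__":
    packed = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7E00), (".rsrc", 0x1000, 0x400)], b"UPX!")
    for reason in upx_indicators(packed):
        print("packed:", reason)
```

Treat a single hit on the size-based indicator as a lead to unpack and re-hash, not as proof: the report's hashes and SSDEEP value describe the packed file, so an unpacked copy will match neither and needs its own indicators.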
