General

  • Target

    1e16eeca50e75e7f20df367db63348d3393bb9dbeab055004cedff76414abb4cN

  • Size

    120KB

  • Sample

    241107-h9mnnayanc

  • MD5

    823b82d8bec2ce3b61fe2aeee046e190

  • SHA1

    c4eaebfe4e13615c0a6c8f70a0da670205aba82a

  • SHA256

    1e16eeca50e75e7f20df367db63348d3393bb9dbeab055004cedff76414abb4c

  • SHA512

    4fc8bf511025260c6ecaac079ce6ff8b382806f93c9a28d64311fa8d6c893260fd6a25f4e0421192d99f18a4e696fe0fd2b5e7d0f8ea26063c44670f9eb75e31

  • SSDEEP

    1536:ZE/JHv1C5D7LL54JyaURwJvIFnG+nX/+O7FR2rTfdTiw9+z4WOoiGX3GeAcfRJx:ytC5P31RTFnZPb2f1GwAvOCG3O

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      1e16eeca50e75e7f20df367db63348d3393bb9dbeab055004cedff76414abb4cN

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks