General

  • Target

    5bf5496d1a4b920e2a6638a7aec7d698735034a31f14caa0a9c0c4910af66d96N

  • Size

    120KB

  • Sample

    241107-j2a6bsygml

  • MD5

    da5df45ef173a25286f94ff388046260

  • SHA1

    797fbbffc4e3b893f558cbac204efeb90b11615c

  • SHA256

    5bf5496d1a4b920e2a6638a7aec7d698735034a31f14caa0a9c0c4910af66d96

  • SHA512

    276d0f59787012ac89d6dfe6de18b7c702b8cb3c48f46ce6026f8d11e7799f3b760bad180a4cd24a792f9ee29566f7ab988e1f74b12fe1c25e4fbc5669dba54b

  • SSDEEP

    1536:cddxGEUt+Rdk0lKP4G5lH9Q3KVAuCsX+hFJLuM2nu04Ncp+88JMu7rL3ZxjFjCD:cdxGE++vkIY4MHdtXA9uM2uF886wLjG

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      5bf5496d1a4b920e2a6638a7aec7d698735034a31f14caa0a9c0c4910af66d96N

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15