General

  • Target

    4d8be1c30fad0027ff501c80681a8c5a7dfcb8cd863c249bcdca84998c7b6ef8

  • Size

    1.5MB

  • Sample

    241109-eqb62aznap

  • MD5

    da7ab33bf84184c04ec15537d15b1167

  • SHA1

    85a059e97fa791bd3e1ae650c086e0e8c1a132ca

  • SHA256

    4d8be1c30fad0027ff501c80681a8c5a7dfcb8cd863c249bcdca84998c7b6ef8

  • SHA512

    d0eb0f689bbfa22cb49b17d1bd791c31bf0c959795a824ce38a68b9811d7f176790c6abbc7d9fbcb0c6657f4bfb3c0c9f634300cd43ee8d1b511fd685bf48c09

  • SSDEEP

    24576:LadEpF0SpVkxrnJUjX/2/BffZVt+xd3voH/m6y4YxqXbaHBkBcM2lE4ZEbL0HzCN:LzrZeZfjy4Yx+ahplEmA8WD
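
Before handling a copy of this sample, confirm it is the same file the report describes. The script below is an added example (not part of the sandbox report) that hashes a file in one streamed pass with all four algorithms listed above, compares the result to the report's values, and also checks the report-page convention that the Target name is the SHA256. The `hash_file` helper and the command-line entry point are assumptions about how you would invoke it; the constructed `b"abc"` input exists only so the functions can be exercised offline.

```python
"""Verify a downloaded sample against the hashes published in this report.

Added example; not code from the sandbox or the report page.
"""
import hashlib

# Hashes exactly as listed under General above.
REPORT_HASHES = {
    "md5": "da7ab33bf84184c04ec15537d15b1167",
    "sha1": "85a059e97fa791bd3e1ae650c086e0e8c1a132ca",
    "sha256": "4d8be1c30fad0027ff501c80681a8c5a7dfcb8cd863c249bcdca84998c7b6ef8",
    "sha512": "d0eb0f689bbfa22cb49b17d1bd791c31bf0c959795a824ce38a68b9811d7f176"
              "790c6abbc7d9fbcb0c6657f4bfb3c0c9f634300cd43ee8d1b511fd685bf48c09",
}
# The report names the target by its SHA256; keep that as a separate check.
REPORT_TARGET = "4d8be1c30fad0027ff501c80681a8c5a7dfcb8cd863c249bcdca84998c7b6ef8"


def hash_stream(chunks):
    """Feed each byte chunk to every hasher once, so a large file is read a single time."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for an in-memory blob (e.g. a constructed test input)."""
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk in 1 MiB chunks (assumed helper for real use)."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def verify(actual, expected=REPORT_HASHES, target=REPORT_TARGET):
    """Return a per-algorithm match map plus an overall 'ok' flag.

    A single mismatching digest is enough to reject the file: either the download
    is corrupt or it is a different file than the one the report analysed.
    """
    result = {
        name: actual.get(name, "").lower() == digest.lower()
        for name, digest in expected.items()
    }
    result["target_is_sha256"] = target.lower() == expected["sha256"].lower()
    result["ok"] = all(result.values())
    return result


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        outcome = verify(hash_file(path))
        status = "MATCH" if outcome["ok"] else "MISMATCH"
        print(f"{status}: {path}")
        for name, matched in outcome.items():
            if not matched:
                print(f"  {name}: differs from report")
```

Run it as `python verify_sample.py <downloaded-file>`; anything other than MATCH means you are not looking at sample 241109-eqb62aznap and the behaviours listed below cannot be assumed to apply.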

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      4d8be1c30fad0027ff501c80681a8c5a7dfcb8cd863c249bcdca84998c7b6ef8

    • Size

      1.5MB

    • MD5

      da7ab33bf84184c04ec15537d15b1167

    • SHA1

      85a059e97fa791bd3e1ae650c086e0e8c1a132ca

    • SHA256

      4d8be1c30fad0027ff501c80681a8c5a7dfcb8cd863c249bcdca84998c7b6ef8

    • SHA512

      d0eb0f689bbfa22cb49b17d1bd791c31bf0c959795a824ce38a68b9811d7f176790c6abbc7d9fbcb0c6657f4bfb3c0c9f634300cd43ee8d1b511fd685bf48c09

    • SSDEEP

      24576:LadEpF0SpVkxrnJUjX/2/BffZVt+xd3voH/m6y4YxqXbaHBkBcM2lE4ZEbL0HzCN:LzrZeZfjy4Yx+ahplEmA8WD

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
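
The "UPX packed file" signature above is a static check, so it can be reproduced without running the sample. The block below is an added example (not the sandbox's own detection logic) that parses the PE section table by hand and applies a simplified UPX heuristic: stock UPX names its sections UPX0/UPX1 and embeds a "UPX!" marker, while a modified UPX typically renames the sections but still leaves a first section with a large virtual size and no raw data (the area the stub unpacks into). The `build_minimal_pe` helper and the three sample PE images are constructed here purely so the parser can be exercised offline; they are not derived from the sample in this report, and the heuristic thresholds are assumptions, not a published rule.

```python
"""Flag UPX-style packing from the PE section table.

Added example; not the sandbox signature and not code from the report page.
"""
import struct

# IMAGE_SECTION_HEADER: Name(8) VirtualSize VirtualAddress SizeOfRawData
# PointerToRawData PointerToRelocations PointerToLinenumbers
# NumberOfRelocations(2) NumberOfLinenumbers(2) Characteristics -> 40 bytes
SECTION_HEADER_FMT = "<8sIIIIIIHHI"
COFF_HEADER_FMT = "<HHIIIHH"  # Machine, NumberOfSections, ..., SizeOfOptionalHeader, Characteristics


def parse_sections(data):
    """Return a list of section dicts from a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER_FMT, data, e_lfanew + 4)
    table = e_lfanew + 4 + struct.calcsize(COFF_HEADER_FMT) + opt_size
    if len(data) < table + nsections * 40:
        raise ValueError("section table truncated")
    sections = []
    for i in range(nsections):
        f = struct.unpack_from(SECTION_HEADER_FMT, data, table + i * 40)
        sections.append({
            "name": f[0].rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": f[1],
            "virtual_address": f[2],
            "raw_size": f[3],
            "raw_ptr": f[4],
            "characteristics": f[9],
        })
    return sections


def upx_indicators(data):
    """Heuristic UPX check (assumed thresholds): names, marker, empty first section."""
    sections = parse_sections(data)
    names = [s["name"] for s in sections]
    ind = {
        "upx_section_names": any(n.upper().startswith("UPX") for n in names),
        "upx_magic": b"UPX!" in data,
        # Stock and renamed UPX both leave an unpack target section with
        # VirtualSize > 0 and SizeOfRawData == 0 as the first section.
        "empty_first_section": bool(sections)
        and sections[0]["raw_size"] == 0
        and sections[0]["virtual_size"] > 0,
    }
    ind["likely_upx"] = (
        ind["upx_section_names"]
        or ind["upx_magic"]
        or (ind["empty_first_section"] and len(sections) <= 3)
    )
    return ind


def build_minimal_pe(section_specs):
    """Construct a minimal PE32-shaped blob for offline testing (constructed input)."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0  # PE32 optional header size
    coff = struct.pack(COFF_HEADER_FMT, 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table = b""
    for name, vsize, raw_size, chars in section_specs:
        table += struct.pack(SECTION_HEADER_FMT, name.encode().ljust(8, b"\0"),
                             vsize, 0x1000, raw_size, 0x400, 0, 0, 0, 0, chars)
    return bytes(dos) + b"PE\0\0" + coff + opt + table


# Constructed samples: stock UPX layout, a normal compiler layout, and a
# "modified UPX" layout with the section names stripped.
SAMPLE_UPX = build_minimal_pe([("UPX0", 0x20000, 0, 0xE0000080),
                               ("UPX1", 0x8000, 0x7800, 0xE0000040),
                               (".rsrc", 0x1000, 0x400, 0xC0000040)])
SAMPLE_PLAIN = build_minimal_pe([(".text", 0x1000, 0x1000, 0x60000020),
                                 (".data", 0x100, 0x200, 0xC0000040)])
SAMPLE_RENAMED = build_minimal_pe([("", 0x20000, 0, 0xE0000080),
                                   (".code", 0x8000, 0x7800, 0xE0000040)])

if __name__ == "__main__":
    import sys
    targets = [open(p, "rb").read() for p in sys.argv[1:]] or [SAMPLE_UPX, SAMPLE_PLAIN, SAMPLE_RENAMED]
    for blob in targets:
        print([s["name"] for s in parse_sections(blob)], upx_indicators(blob))
```

Treat `likely_upx` as a triage hint only: a packer can pad the first section with raw data or split the image into more sections, and a legitimate binary can contain the string "UPX!" by chance, so confirm with entropy and an actual unpack attempt before relying on it.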

MITRE ATT&CK Enterprise v15

Tasks