General

  • Target

    a66a150ec00a40e96759570a46ada4e2a7d238a7484c88aac6c9b821f18e35bfN

  • Size

    65KB

  • Sample

    241109-g9eglsslhj

  • MD5

    346c4b9202360d9bb54d3295cdd4dac0

  • SHA1

    8a3d9679dae9110aa18ebe72626abcf7c5bab8e7

  • SHA256

    a66a150ec00a40e96759570a46ada4e2a7d238a7484c88aac6c9b821f18e35bf

  • SHA512

    6afaf563fb44e23c0e692b4c8cca3009e08795f2a52557ba9a84d91e67e58d48a3a2afd936993dae54320b93857b5122bf6157c04b05c6dbf46db05836db2084

  • SSDEEP

    1536:Os10H/HDCMzdU0H9bB2OM2GUSLpRTw6d02GbG54bwJ++7:Os6fHDCMWcJBpMtRME02eG546

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
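
The extracted C2 list is the most actionable part of this report. As an added example that is not part of the sandbox output, the script below turns the four URLs into IP, domain and path indicators and sweeps Squid-style proxy log lines for contacts, matching subdomains of the C2 domains but not lookalike names that merely end in the same string, and handling TLS CONNECT entries that log only host:port. The log lines are constructed for the demonstration; the regex assumes Squid's native access.log layout.

```python
"""Added example (not part of the sandbox report): turn the extracted C2 URLs
into network indicators and sweep Squid-style proxy log lines for contacts.
The log lines are constructed to show the matching; they are not real traffic."""
import ipaddress
import re
from urllib.parse import urlparse

# C2 URLs as extracted from the Sality config above.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Squid native access.log: time elapsed client code/status bytes method URL ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+(?P<status>\S+)\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def indicators_from_urls(urls):
    """Split C2 URLs into IP, domain and path sets; each kind is matched differently."""
    ips, domains, paths = set(), set(), set()
    for url in urls:
        parsed = urlparse(url)
        host = parsed.hostname
        try:
            ipaddress.ip_address(host)
            ips.add(host)
        except ValueError:
            domains.add(host)
        paths.add(parsed.path)
    return ips, domains, paths


def host_matches(host, ips, domains):
    """Exact match for IPs; domain match also catches subdomains (x.kukutrustnet777.info)
    but not lookalikes that merely end in the same string (notkukutrustnet777.info)."""
    host = host.lower().rstrip(".")
    if host in ips:
        return True
    return any(host == d or host.endswith("." + d) for d in domains)


def split_log_url(url):
    """Return (host, path). CONNECT requests log 'host:port' with no scheme."""
    if "://" in url:
        parsed = urlparse(url)
        return parsed.hostname or "", parsed.path
    return url.split(":")[0], ""


def scan_proxy_log(lines, urls=C2_URLS):
    """Return one hit per log line whose destination host is a C2 indicator."""
    ips, domains, paths = indicators_from_urls(urls)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host, path = split_log_url(m["url"])
        if host_matches(host, ips, domains):
            hits.append({
                "ts": m["ts"],
                "client": m["client"],
                "host": host,
                "method": m["method"],
                "path_known": path in paths,   # exact C2 path seen too, not just the host
            })
    return hits


# Constructed proxy log lines (not real traffic): two Sality beacons, one benign
# request, and a TLS CONNECT to a C2 domain.
SAMPLE_LOG = """\
1731140000.123 45 10.0.0.12 TCP_MISS/200 1043 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.5 image/gif
1731140001.456 12 10.0.0.12 TCP_MISS/404 512 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1731140002.789 30 10.0.0.33 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1731140003.000 20 10.0.0.12 TCP_TUNNEL/200 900 CONNECT kukutrustnet888.info:443 - HIER_DIRECT/203.0.113.6 -
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG.splitlines()):
        print(hit)
```

A hit with `path_known` set is a strong signal (host and the exact beacon path from the config); a host-only hit, such as the CONNECT line, still deserves a look, since the same client reaching more than one of these hosts is the pattern to expect from an infected machine.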

Targets

    • Target

      a66a150ec00a40e96759570a46ada4e2a7d238a7484c88aac6c9b821f18e35bfN

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor and polymorphic file infector written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
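
The hash set at the top of the report and the "UPX packed file" signature both come down to a few bytes of the file. As an added example that is not part of the sandbox output, the script below computes the four digests a report like this lists, compares a file against the reported values, and applies the UPX heuristic by walking the PE headers to the section table and looking for the UPX0/UPX1 section names (or the "UPX!" pack-header marker). The PE bytes it builds are a constructed fixture; the real sample is not embedded.

```python
"""Added example (not part of the sandbox report): reproduce the report's hash
set for a file, compare it against the reported digests, and apply the UPX
section-name heuristic behind the "UPX packed file" signature.
The PE bytes built below are a constructed fixture, not the Sality sample."""
import hashlib
import struct

# Digests listed in the report for this sample (MD5, SHA1, SHA256).
REPORTED = {
    "md5": "346c4b9202360d9bb54d3295cdd4dac0",
    "sha1": "8a3d9679dae9110aa18ebe72626abcf7c5bab8e7",
    "sha256": "a66a150ec00a40e96759570a46ada4e2a7d238a7484c88aac6c9b821f18e35bf",
}

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def file_hashes(data: bytes) -> dict:
    """Compute the digests a report like this one lists (MD5/SHA1/SHA256/SHA512)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED) -> bool:
    """True only if every reported digest agrees with the data; one mismatch means a different file."""
    actual = file_hashes(data)
    return all(actual[alg] == digest.lower() for alg, digest in reported.items())


def pe_section_names(data: bytes) -> list:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table and return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = coff + 20 + opt_size                                  # first IMAGE_SECTION_HEADER (40 bytes each)
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX heuristic: stock UPX section names, or the 'UPX!' pack-header marker stock UPX writes.
    Modified UPX builds rename sections and strip the marker, so False here proves nothing."""
    try:
        names = pe_section_names(data)
    except ValueError:
        return False
    return bool(UPX_SECTION_NAMES & set(names)) or b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Constructed fixture: a minimal MZ/PE32 header with the given section names and no code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew: PE header right after the DOS header
    opt_size = 0xE0                                  # size of a PE32 optional header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + sections


if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print(pe_section_names(packed), looks_upx_packed(packed))
    print(file_hashes(packed)["sha256"], matches_report(packed))
```

Two caveats a practitioner would want: `matches_report` requires every listed digest to agree, so a single stale hash in a report is caught rather than masked, and the UPX check is only a heuristic in the direction the signature name suggests; a sample packed with a modified UPX, which this signature also claims to cover, can rename its sections and drop the marker, so a negative result should send you to entropy or unpacking rather than to a conclusion.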

MITRE ATT&CK Enterprise v15

Tasks