General

  • Target

    46e52ebe9ca1e81e8564973c9748091e393f8296889d46658209ef3a524f688f

  • Size

    1.3MB

  • Sample

    241109-g9eglszcjc

  • MD5

    487c1c1ad0a22bf8c630cc50d9367f81

  • SHA1

    0e4c165af665856f5307a159b756fbb2c733f8a4

  • SHA256

    46e52ebe9ca1e81e8564973c9748091e393f8296889d46658209ef3a524f688f

  • SHA512

    1da14e13d970005b11f0785b4be5be5d53d31dbc1cbf0ba4f61d3d7ab904d1132cc6b70016f8d23643ef7ddb56820f2d8130e455bb714a6186b3b1ca85d753c6

  • SSDEEP

    24576:STYjkCmsr6xD0VwA5lobrasS56Wrp0lS3C39yPyzmxdBCR:y9oVdlobrask3CNyDdBg

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks