General

  • Target

    8f774e986cad7001d86498ba9ac6833aad28a922c25867b876a8db066d098135N

  • Size

    120KB

  • Sample

    241109-m7k49swlgn

  • MD5

    190dd4b5a2cca66b70e44dcc9d4b87a0

  • SHA1

    0cb4dc0c74162953ef9832f45726460ae8e30762

  • SHA256

    8f774e986cad7001d86498ba9ac6833aad28a922c25867b876a8db066d098135

  • SHA512

    091f476fcf2d29e387aaaa4a76199b59153ace9e7cd9887cf3ebb767a6bed6f22719e2d1ff6107c0a0fe47eb9f8fcd7f758efe2a465c6bb8121f4e528c53ca99

  • SSDEEP

    1536:xm+OqUXdoD2omP4MY/5lxxIx1SwQGkK+3auhQT6e7L+7VIeaWwxKup+RX:s+wdoD2oQsl4OG1+O/G+xNpK

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
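The four C2 URLs above are the report's network indicators. The script below is an added example (not part of the sandbox report or the Sality sample) showing how to turn them into a host and IP set and sweep proxy and DNS logs for them; the log lines are constructed for the demonstration and the Squid/dnsmasq formats are assumptions. It treats subdomains of a C2 host as hits (www.kukutrustnet888.info) but not look-alikes that merely contain the string (notkukutrustnet777.info), and matches the bare C2 IP wherever it appears on a line, not only inside a URL.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# C2 indicators exactly as listed in the report above.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed sample log lines (not from the report): Squid-style proxy access log
# entries followed by dnsmasq-style query log entries.
SAMPLE_LOGS = [
    "1731155201.123 45 10.0.0.21 TCP_MISS/200 612 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.5 image/gif",
    "1731155202.456 30 10.0.0.21 TCP_MISS/404 300 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
    "1731155203.789 12 10.0.0.22 TCP_MISS/200 5120 GET http://example.org/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "Nov  9 12:00:04 dnsmasq[812]: query[A] kukutrustnet987.info from 10.0.0.23",
    "Nov  9 12:00:05 dnsmasq[812]: query[A] www.KUKUTRUSTNET888.INFO from 10.0.0.24",
    "Nov  9 12:00:06 dnsmasq[812]: query[A] notkukutrustnet777.info from 10.0.0.25",
]

URL_RE = re.compile(r"https?://\S+")
DNS_RE = re.compile(r"query\[\w+\]\s+(\S+)\s+from\s+(\S+)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def index_iocs(urls):
    """Split the C2 URLs into a set of domain names and a set of IP literals."""
    hosts, ips = set(), set()
    for url in urls:
        host = urlsplit(url).hostname.lower()
        try:
            ips.add(str(ipaddress.ip_address(host)))
        except ValueError:
            hosts.add(host)
    return hosts, ips


def host_matches(host, hosts):
    """True for an exact C2 host or any subdomain of one; case and trailing dot ignored."""
    host = host.lower().rstrip(".")
    return host in hosts or any(host.endswith("." + h) for h in hosts)


def scan_lines(lines, urls=C2_URLS):
    """Return {line_index: sorted indicators} for every line that touches a C2 host or IP."""
    hosts, ips = index_iocs(urls)
    hits = {}
    for i, line in enumerate(lines):
        found = set()
        # URLs in proxy logs: compare the hostname, not the whole URL, so a changed path still hits.
        for url in URL_RE.findall(line):
            h = urlsplit(url).hostname
            if h and (host_matches(h, hosts) or h in ips):
                found.add(h.lower())
        # DNS query logs: the queried name is the indicator, even before any connection.
        m = DNS_RE.search(line)
        if m and host_matches(m.group(1), hosts):
            found.add(m.group(1).lower().rstrip("."))
        # Any bare occurrence of a C2 IP (destination field, HIER_DIRECT/..., etc.).
        for ip in IPV4_RE.findall(line):
            if ip in ips:
                found.add(ip)
        if found:
            hits[i] = sorted(found)
    return hits


if __name__ == "__main__":
    for idx, indicators in scan_lines(SAMPLE_LOGS).items():
        print("line %d: %s" % (idx + 1, ", ".join(indicators)))
```

Running it flags lines 1, 2, 4 and 5 of the constructed log and leaves the example.org request and the look-alike domain alone. Sality's C2 URLs are simple HTTP GETs for small files, so a path-only match (home.gif, testo5/) would be both noisy and easy to evade; matching on host and IP is the robust choice.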

Targets

    • Target

      8f774e986cad7001d86498ba9ac6833aad28a922c25867b876a8db066d098135N

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build.
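The "UPX packed file" signature above fires on structural traits of the packer. The script below is an added example (not part of the sandbox report or the Sality sample) that parses a PE section table from raw bytes and reports three independent UPX indicators: UPX0/UPX1 section names, a first section with no raw data but a large VirtualSize (the area the stub unpacks into), and the "UPX!" marker that stock UPX leaves in the header region. The PE images it checks are constructed in memory (headers only, not runnable binaries), so it runs offline; the 4096-byte header scan window is an assumption. A modified UPX build typically renames the sections and strips the marker, which is why the structural check is kept separate.

```python
import struct


def parse_sections(data):
    """Return [(name, VirtualSize, SizeOfRawData, Characteristics)] from a PE image in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)    # IMAGE_FILE_HEADER.NumberOfSections
    opt_size, = struct.unpack_from("<H", data, coff + 16)       # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    sec_off = coff + 20 + opt_size                               # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = sec_off + 40 * i                                   # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize, _rptr = struct.unpack_from("<IIII", data, off + 8)
        chars, = struct.unpack_from("<I", data, off + 36)
        sections.append((name, vsize, rsize, chars))
    return sections


def upx_indicators(data, header_scan=4096):
    """Return the list of reasons the image looks UPX packed; an empty list means none found."""
    reasons = []
    secs = parse_sections(data)
    names = [s[0] for s in secs]
    if any(n.upper().lstrip(".").startswith("UPX") for n in names):
        reasons.append("UPX section names: %s" % names)
    # Stock and most modified UPX builds keep this layout: the first section is the
    # unpack target, present in memory (VirtualSize > 0) but absent on disk (SizeOfRawData == 0).
    if secs and secs[0][2] == 0 and secs[0][1] > 0:
        reasons.append("first section %s has no raw data but VirtualSize 0x%x" % (secs[0][0], secs[0][1]))
    # Stock UPX writes its version string and 'UPX!' magic into the header area (assumed window).
    if b"UPX!" in data[:header_scan]:
        reasons.append("'UPX!' marker in header region")
    return reasons


def build_pe(section_specs, trailer=b""):
    """Construct a minimal PE32 header-only image for testing (constructed data, not a real binary)."""
    e_lfanew = 0x40
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = bytes(0xE0)  # PE32 optional header size; contents are irrelevant to section parsing
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT_MACHINE)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, len(opt), 0x102)
    secs = b""
    for name, vsize, rsize in section_specs:
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, reloc/lineno ptrs and counts, Characteristics
        secs += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rsize, 0x400, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + opt + secs + trailer


# Constructed images: stock-UPX layout, a renamed-section variant, and an ordinary compiler layout.
UPX_LIKE = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x8000, 0x7800), (b".rsrc", 0x1000, 0x800)],
                    trailer=b"3.96 UPX!")
RENAMED = build_pe([(b".code", 0x20000, 0), (b".data", 0x8000, 0x7800)])
CLEAN = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x800)])

if __name__ == "__main__":
    for label, img in (("stock UPX", UPX_LIKE), ("renamed UPX", RENAMED), ("clean", CLEAN)):
        print("%-12s %s" % (label, upx_indicators(img) or "no UPX indicators"))
```

The stock layout trips all three checks, the renamed variant only the structural one, and the clean image none. On a real sample, read the file bytes with open(path, "rb").read() in place of the constructed images; the check is a triage heuristic for prioritising unpacking, not proof of a specific packer version.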

MITRE ATT&CK Enterprise v15

Tasks