General

  • Target

    6f9ea1e410c876b0362c4e94e63ebcd7e9a16a69c7832f7a8c29d06bc6dac4e7N

  • Size

    120KB

  • Sample

    241109-mb4azasfjn

  • MD5

    ae5c0499c38124404fa3b66e4cdeedf0

  • SHA1

    c20804772d8c29f8db027556e24d119ec5b4672b

  • SHA256

    6f9ea1e410c876b0362c4e94e63ebcd7e9a16a69c7832f7a8c29d06bc6dac4e7

  • SHA512

    01d5872d127e7bc87641d85c4b4be88b89d124227ca8edaa4bcc1628fd0e13835f73bd9dcae3c213208197609e63401fe067f7bdd64b9f40cf20ea2b00413fb4

  • SSDEEP

    3072:xpNxlnmbwhPBdcyJ57nPXIkQ2JFtB48hO0:xpNxGUXcyJ57PY/oHSD

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      6f9ea1e410c876b0362c4e94e63ebcd7e9a16a69c7832f7a8c29d06bc6dac4e7N

    • Size

      120KB

    • MD5

      ae5c0499c38124404fa3b66e4cdeedf0

    • SHA1

      c20804772d8c29f8db027556e24d119ec5b4672b

    • SHA256

      6f9ea1e410c876b0362c4e94e63ebcd7e9a16a69c7832f7a8c29d06bc6dac4e7

    • SHA512

      01d5872d127e7bc87641d85c4b4be88b89d124227ca8edaa4bcc1628fd0e13835f73bd9dcae3c213208197609e63401fe067f7bdd64b9f40cf20ea2b00413fb4

    • SSDEEP

      3072:xpNxlnmbwhPBdcyJ57nPXIkQ2JFtB48hO0:xpNxGUXcyJ57PY/oHSD

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks