General

  • Target

    00de9fb0a409fc39ec7fc10b62e85a96e65e8d54f7f7755720c1f2925542b5d3N

  • Size

    65KB

  • Sample

    241109-nqlj5stend

  • MD5

    ac0b8fdfa95d6790ce66a9ac991e8be0

  • SHA1

    a9f109b43d42497420d647f37af0727757347eb9

  • SHA256

    00de9fb0a409fc39ec7fc10b62e85a96e65e8d54f7f7755720c1f2925542b5d3

  • SHA512

    bed21784cce92cd970cf15adc22406fd26766ebebb9fd203009bfc32fedff1ed4f37a2b64971f9d3b5070a933452af2e03983180c5c52d429eaffa4d2c88936c

  • SSDEEP

    1536:+wijKgcZw3KlnoM3VrK7bCwmNuWwPKxPQaEkVVMPd:+RDKxKPCwmGIhPCd

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      00de9fb0a409fc39ec7fc10b62e85a96e65e8d54f7f7755720c1f2925542b5d3N

    • Size

      65KB

    • MD5

      ac0b8fdfa95d6790ce66a9ac991e8be0

    • SHA1

      a9f109b43d42497420d647f37af0727757347eb9

    • SHA256

      00de9fb0a409fc39ec7fc10b62e85a96e65e8d54f7f7755720c1f2925542b5d3

    • SHA512

      bed21784cce92cd970cf15adc22406fd26766ebebb9fd203009bfc32fedff1ed4f37a2b64971f9d3b5070a933452af2e03983180c5c52d429eaffa4d2c88936c

    • SSDEEP

      1536:+wijKgcZw3KlnoM3VrK7bCwmNuWwPKxPQaEkVVMPd:+RDKxKPCwmGIhPCd

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks