General

  • Target

    e7351a7fd7e8586f49c5bb08d7a30af95f4a984ddbc87f7c26997cfa7e665ed8N

  • Size

    120KB

  • Sample

    241109-pwav9svcjf

  • MD5

    ae26f2bb90555ca1658180bf8f40b3a0

  • SHA1

    e4162985fe4a59c56f7b7868f58fc8a8211c4a3f

  • SHA256

    e7351a7fd7e8586f49c5bb08d7a30af95f4a984ddbc87f7c26997cfa7e665ed8

  • SHA512

    62a2a006c36a3b8a5be3b12a572c38cd0bf69f7b15ad9e9ce64ee80c4be6f497b2291db35a5ae19567f0ca0c253fb56f5286106f4ef8904a4b3b57cbbdb988e8

  • SSDEEP

    3072:uiX4bPMBtgPpswBM8Y/GCxfAOVQWpSC8xcJTm:uiXGZPfjYOCxfAOVQgEcQ

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
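The four C2 URLs above are the most useful hunting artefact in this report. As an added example (not part of the sandbox output and not the sandbox's own code), the following Python reduces them to host/path indicators and runs them over a few constructed proxy-log lines in a Squid-like layout. The log lines, the client addresses and the line format are assumptions made for the example; only the URLs come from the report.

```python
import re
from urllib.parse import urlsplit

# C2 URLs as extracted from this sample's configuration (copied from the report).
SALITY_C2 = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def build_indicators(urls):
    """Reduce each C2 URL to a (host, path) pair.

    The host is the usable indicator; "/home.gif" on its own is far too
    generic to alert on, so the path only upgrades a host hit to a URL hit.
    """
    return [(urlsplit(u).hostname.lower(), urlsplit(u).path) for u in urls]


# Constructed proxy log lines (not from the report) in a
# "timestamp client method url status" layout. Line 2 is a benign /home.gif
# on an unrelated host, line 5 is a different path on the C2 IP, and line 6
# is a CONNECT tunnel that exposes only the host.
SAMPLE_LOG = """\
1731160001.123 10.0.0.15 GET http://kukutrustnet777.info/home.gif 200
1731160002.456 10.0.0.15 GET http://www.example.com/home.gif 200
1731160003.789 10.0.0.22 GET http://89.119.67.154/testo5/ 404
1731160004.012 10.0.0.22 GET http://KUKUTRUSTNET888.INFO/home.gif 200
1731160005.345 10.0.0.31 GET http://89.119.67.154/other/ 200
1731160006.678 10.0.0.40 CONNECT kukutrustnet987.info:443 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def split_request(url):
    """Return (host, path) for a full URL, or (host, None) for a CONNECT host:port."""
    if "://" in url:
        p = urlsplit(url)
        return (p.hostname or "").lower(), p.path
    return url.rsplit(":", 1)[0].lower(), None


def match_log(log_text, indicators):
    """Return one hit per log line whose destination host is a C2 host."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host, path = split_request(m["url"])
        for ind_host, ind_path in indicators:
            if host != ind_host:
                continue
            hits.append({
                "ts": m["ts"],
                "client": m["client"],
                "host": host,
                "level": "url" if path == ind_path else "host",
            })
            break
    return hits


def infected_clients(hits):
    """Distinct internal hosts that talked to any C2 host."""
    return sorted({h["client"] for h in hits})


if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG, build_indicators(SALITY_C2)):
        print(hit)
```

Matching is done on the host, not the path, because the path is shared with countless benign requests; the hit is only labelled "url" when both agree. The same host list can be fed to DNS or TLS-SNI logs, which is what the CONNECT case stands for. A bare IP indicator such as 89.119.67.154 should be expected to go stale, so review its age before alerting on it alone.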

Targets

    • Target

      e7351a7fd7e8586f49c5bb08d7a30af95f4a984ddbc87f7c26997cfa7e665ed8N

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003; the family is also a polymorphic infector of Windows executables and is known for disabling security software and firewall settings on the host.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.
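The "UPX packed file" signature matches on the section names the stock packer writes, which a modified UPX build can rename. As an added example (not the sandbox's own detection logic), the following Python parses the PE section table, flags the UPX section names, and falls back to the entropy of the largest raw section so that a renamed build is still caught. The PE images it checks are constructed in the block (headers only, no code) and are assumptions for the example; the 7.0 bits-per-byte threshold is a common rule of thumb, not a value from the report.

```python
import hashlib
import math
import struct

# Section names the stock UPX packer writes. A modified build may rename
# them, so we keep a second, name-independent signal: the entropy of the
# largest raw section (compressed or encrypted data sits close to 8 bits/byte).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
PACKED_ENTROPY = 7.0  # assumed threshold in bits per byte


def shannon_entropy(data):
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(image):
    """Parse the section table of a PE image into [(name, raw_bytes), ...]."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_opt          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40              # IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0")
        size_raw, ptr_raw = struct.unpack_from("<II", image, off + 16)
        sections.append((name, image[ptr_raw:ptr_raw + size_raw]))
    return sections


def classify_packing(image):
    sections = pe_sections(image)
    names = [n for n, _ in sections]
    by_name = any(n in UPX_SECTION_NAMES for n in names)
    largest = max((data for _, data in sections), key=len, default=b"")
    ent = shannon_entropy(largest)
    return {
        "sections": [n.decode("ascii", "replace") for n in names],
        "upx_section_names": by_name,
        "max_section_entropy": round(ent, 2),
        "likely_packed": by_name or ent >= PACKED_ENTROPY,
    }


def build_pe(section_specs):
    """Constructed test input: a minimal, non-runnable PE with only the
    headers needed for section-table parsing (no optional header, no code)."""
    num = len(section_specs)
    e_lfanew = 0x40
    table = e_lfanew + 4 + 20             # SizeOfOptionalHeader = 0
    first_raw = (table + 40 * num + 0x1FF) & ~0x1FF
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, 0, 0x102)
    headers, payload, ptr = b"", b"", first_raw
    for name, data in section_specs:
        headers += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), 0x1000, len(data), ptr) + b"\0" * 16
        payload += data
        ptr += len(data)
    image = dos + b"PE\0\0" + coff + headers
    return image + b"\0" * (first_raw - len(image)) + payload


# Deterministic high-entropy bytes standing in for a compressed code section.
HIGH_ENTROPY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
LOW_ENTROPY = b"\x90" * 4000 + b"\xc3" * 96

PACKED_PE = build_pe([(b"UPX0", b""), (b"UPX1", HIGH_ENTROPY), (b".rsrc", LOW_ENTROPY[:64])])
RENAMED_PE = build_pe([(b".text", b""), (b".data", HIGH_ENTROPY)])  # modified UPX: names scrubbed
PLAIN_PE = build_pe([(b".text", LOW_ENTROPY), (b".data", b"\0" * 256)])

if __name__ == "__main__":
    for label, pe in [("packed", PACKED_PE), ("renamed", RENAMED_PE), ("plain", PLAIN_PE)]:
        print(label, classify_packing(pe))
```

Neither signal is conclusive on its own: legitimate installers and games are routinely UPX-packed, and a large embedded resource (an image, a certificate bundle) can push section entropy over the threshold. Treat the result as a triage hint that the binary needs unpacking before static analysis, not as a verdict.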

MITRE ATT&CK Enterprise v15

Tasks