General

  • Target

    a112039b1f1bd63ac5c036b468f7828632b56b2a467567e87451cb55d8c1b0b9N

  • Size

    120KB

  • Sample

    241110-b5j9eazkgp

  • MD5

    377cbdad1a91a649c2706f3a78712a10

  • SHA1

    864451098f5858effbff0e0844b799633d907f7f

  • SHA256

    a112039b1f1bd63ac5c036b468f7828632b56b2a467567e87451cb55d8c1b0b9

  • SHA512

    f774388415fe1e6c02b39678eb6d0cdeaa556deb61f37d3420c98eaacf9d77ff63a860af77824ad185ae175f3977ee2450c91f973e49047e8c5ff53ef5cdfb23

  • SSDEEP

    3072:yvHADPcH9T2DrjRE7HsgblHKKHOt8TL8v:sATO2fjm7Mgbl5+

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks