General

  • Target

    0db51331106416caf2cde619e783a07bc1a41412b4a53746c3d11f8fa0d6445a

  • Size

    3.1MB

  • Sample

    241110-ntw52syqen

  • MD5

    b69d0bfe6ed4cb65ffb5ae1bf495d7be

  • SHA1

    98a509894522b7b5e6f4fbd5d226c6aa4389fa14

  • SHA256

    0db51331106416caf2cde619e783a07bc1a41412b4a53746c3d11f8fa0d6445a

  • SHA512

    e45f7bc9c631318aa40ee4d43579740741337f106f1d4df52c06c5e9688397d01b58d7b40075bd5a8bd54f143becf59ca40ddd1366f21b9a96be460730ef2204

  • SSDEEP

    98304:IC7vsT26FZ2B3rX315DZk/jTE8At/4OOOOOOE8/Z/Apg8SBySg:z4dZO3z315D208Atj8/Z/Apg8V

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
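The hashes and C2 URLs above are the report's only usable indicators. The following is an added example (not part of the triage report and not code from the Sality sample) that turns them into a check a responder can run: it computes the four digests of a file in one pass and compares them with the report's values, and it flags proxy-log requests whose URL or host matches a listed C2. The hash and URL values are copied from the report; the proxy log format and its lines are constructed for the demo, and the lookalike domain on the last line exists only to show that host matching is exact.

```python
"""Match a file's digests and proxy-log requests against the IOCs this report lists.

Added example for this page, not part of the triage report or the Sality family.
Hash values and C2 URLs are copied from the report; the proxy log is constructed.
"""
import hashlib
from urllib.parse import urlsplit

# Digests exactly as listed under "General" in the report
REPORT_HASHES = {
    "md5": "b69d0bfe6ed4cb65ffb5ae1bf495d7be",
    "sha1": "98a509894522b7b5e6f4fbd5d226c6aa4389fa14",
    "sha256": "0db51331106416caf2cde619e783a07bc1a41412b4a53746c3d11f8fa0d6445a",
    "sha512": "e45f7bc9c631318aa40ee4d43579740741337f106f1d4df52c06c5e9688397d0"
              "1b58d7b40075bd5a8bd54f143becf59ca40ddd1366f21b9a96be460730ef2204",
}

# C2 URLs exactly as listed under "Malware Config" in the report
REPORT_C2 = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def file_hashes(data: bytes) -> dict:
    """Compute all four digests the report lists, reading the bytes once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_hashes(data: bytes, known: dict = REPORT_HASHES) -> set:
    """Names of every digest algorithm whose value equals a known IOC value."""
    computed = file_hashes(data)
    return {name for name, value in computed.items()
            if known.get(name, "").lower() == value}


def c2_hosts(urls=REPORT_C2) -> set:
    """Hostnames (or literal IPs) of the listed C2 URLs, lower-cased."""
    return {(urlsplit(u).hostname or "").lower() for u in urls}


def classify_request(url: str, urls=REPORT_C2):
    """'c2-url' for a request under a listed URL, 'c2-host' for any other request
    to a listed host (other port or path), None otherwise. The host comparison is
    exact, so a lookalike such as kukutrustnet777.info.example.org does not match."""
    if any(url.lower().startswith(c2.lower()) for c2 in urls):
        return "c2-url"
    host = (urlsplit(url).hostname or "").lower()
    if host in c2_hosts(urls):
        return "c2-host"
    return None


# Constructed proxy log: "timestamp client method url" per line (not a real capture)
SAMPLE_PROXY_LOG = """\
1731240000.101 10.0.0.12 GET http://www.example.com/index.html
1731240001.204 10.0.0.12 GET http://kukutrustnet777.info/home.gif
1731240002.310 10.0.0.31 GET http://89.119.67.154/testo5/
1731240003.422 10.0.0.31 GET http://89.119.67.154:8080/testo5/x.php
1731240004.500 10.0.0.40 GET http://kukutrustnet777.info.example.org/home.gif
"""


def flag_c2_requests(log_text: str, urls=REPORT_C2) -> list:
    """Return (client, url, reason) for each log line that hits a listed C2."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash on a partial log
        client, url = parts[1], parts[3]
        reason = classify_request(url, urls)
        if reason:
            hits.append((client, url, reason))
    return hits


if __name__ == "__main__":
    for hit in flag_c2_requests(SAMPLE_PROXY_LOG):
        print(*hit)
```

To check a file on disk, pass its bytes to matching_hashes(); an empty set means none of the four digests matched. A request to a C2 host on a different port or path is reported as "c2-host" rather than "c2-url", which is the distinction worth keeping when the infrastructure is reused with new paths.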

Targets

    • Target

      0db51331106416caf2cde619e783a07bc1a41412b4a53746c3d11f8fa0d6445a

    • Size

      3.1MB

    • MD5

      b69d0bfe6ed4cb65ffb5ae1bf495d7be

    • SHA1

      98a509894522b7b5e6f4fbd5d226c6aa4389fa14

    • SHA256

      0db51331106416caf2cde619e783a07bc1a41412b4a53746c3d11f8fa0d6445a

    • SHA512

      e45f7bc9c631318aa40ee4d43579740741337f106f1d4df52c06c5e9688397d01b58d7b40075bd5a8bd54f143becf59ca40ddd1366f21b9a96be460730ef2204

    • SSDEEP

      98304:IC7vsT26FZ2B3rX315DZk/jTE8At/4OOOOOOE8/Z/Apg8SBySg:z4dZO3z315D208Atj8/Z/Apg8V

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor and polymorphic file infector written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
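The "UPX packed file" signature above can be reproduced from the PE headers alone. The following is an added example, not the sandbox's own detection logic and not code from the sample: it parses the DOS header, COFF header and section table, then reports three indicators, the UPX0/UPX1/UPX2 section names, the "UPX!" packheader marker UPX leaves in the header area, and the shape of UPX's first section (no raw data, non-zero virtual size), which survives when a modified packer renames the sections. The PE images it runs on are constructed stubs containing only the fields the parser reads; the 4 KiB search window for the marker is an assumption chosen to cover the header page.

```python
"""Detect UPX packing from PE headers, as the report's "UPX packed file" signature does.

Added example, not the sandbox's detection logic and not the sample's code. It reads only
the DOS header, COFF header and section table; the sample images are constructed stubs.
"""
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"           # packheader marker UPX writes into the PE header area
HEADER_SEARCH_WINDOW = 4096   # assumption: the marker sits within the first page


def parse_sections(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns one dict per section; raises ValueError for anything that is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(data):
        raise ValueError("missing or truncated PE header")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]    # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]    # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                               # section table follows
    sections = []
    for i in range(nsections):
        off = table + 40 * i                                       # 40-byte section headers
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
    return sections


def upx_indicators(data: bytes) -> dict:
    """Three independent signs of UPX; each can be checked on its own."""
    sections = parse_sections(data)
    names = {s["name"] for s in sections}
    first = sections[0] if sections else None
    return {
        "upx_section_names": names & UPX_SECTION_NAMES,
        "upx_magic": UPX_MAGIC in data[:HEADER_SEARCH_WINDOW],
        # UPX0 holds no raw data: it is the in-memory area the unpacked image is
        # written into at run time. A renamed first section keeps this shape.
        "empty_first_section": bool(first and first["raw_size"] == 0
                                    and first["virtual_size"] > 0),
    }


def classify(data: bytes) -> str:
    """'upx' on names or marker, 'possibly-modified-upx' on layout alone, else 'none'."""
    ind = upx_indicators(data)
    if ind["upx_section_names"] or ind["upx_magic"]:
        return "upx"
    if ind["empty_first_section"]:
        return "possibly-modified-upx"
    return "none"


def build_stub_pe(section_names, first_raw_size=0, magic=UPX_MAGIC) -> bytes:
    """Constructed, non-executable PE skeleton for the demo: DOS header, PE signature,
    COFF header with SizeOfOptionalHeader=0, section table, then trailing bytes."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b""
    for i, name in enumerate(section_names):
        raw = first_raw_size if i == 0 else 0x800
        table += struct.pack("<8sIIII", name.ljust(8, b"\0"), 0x10000,
                             0x1000 * (i + 1), raw, 0x400 * (i + 1)) + b"\0" * 16
    return dos + b"PE\0\0" + coff + table + magic + b"\0" * 64


if __name__ == "__main__":
    print(classify(build_stub_pe([b"UPX0", b"UPX1", b".rsrc"])))
```

On a real file, read its bytes and call classify(); "possibly-modified-upx" deserves a look at the unpacker stub rather than an automatic verdict, since a legitimately linked binary can also start with a data-only section.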

MITRE ATT&CK Enterprise v15

Tasks