General

  • Target

    75e5ae3333e0f59fb4921930cce83df569328199c29b515f418cd9ea4224c523N

  • Size

    120KB

  • Sample

    241110-s31baasqeq

  • MD5

    6f3129ab174b5720b7795d68a8037ee0

  • SHA1

    cee4e90e6dbaff85c2db0bef2c1f563dea511c74

  • SHA256

    75e5ae3333e0f59fb4921930cce83df569328199c29b515f418cd9ea4224c523

  • SHA512

    3881014638e140cfdd90a7570bcbc91c9afc1a655d3adf924085df7eae7862c94d43395ecfa8b7671e8c4cf95e8e21e8d75894984c9f3f266b1b37e9daa53cfe

  • SSDEEP

    1536:2zATEx3mTNOI8HVQjztxx1t6kjOSP72/MQrDVML2YsGQslv7IE+0:T35OIsVQ3txx1UkjOSPa/H5jslMf

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks