General

  • Target

    93caddc66fb953d57f341683a4d14bad0dcf94d18052d266010a9ae569c0aefaN

  • Size

    120KB

  • Sample

    241110-s4269szelf

  • MD5

    ea9cdf4d2d178396d99f61b515402ca0

  • SHA1

    ef6543e6d01dd7ad4883585f82de172ed59560ca

  • SHA256

    93caddc66fb953d57f341683a4d14bad0dcf94d18052d266010a9ae569c0aefa

  • SHA512

    fdd5c6bc31b9ecbe801e0b5d860ba3586c53fa6b80a020cfe932c27cdbb710bef329f30e7f894bbcaaf3cfbb67a9b720844c14636ccf92615f27f0d7368fc3e9

  • SSDEEP

    1536:nyZhxMtiic0kIC0QVX0eCFy5CP9UvxQY2t3abISd/dt+gwthopVbSXeAtEHA:nyJdy1QN0eCFyIm2qbISUztXFtuA

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      93caddc66fb953d57f341683a4d14bad0dcf94d18052d266010a9ae569c0aefaN

    • Size

      120KB

    • MD5

      ea9cdf4d2d178396d99f61b515402ca0

    • SHA1

      ef6543e6d01dd7ad4883585f82de172ed59560ca

    • SHA256

      93caddc66fb953d57f341683a4d14bad0dcf94d18052d266010a9ae569c0aefa

    • SHA512

      fdd5c6bc31b9ecbe801e0b5d860ba3586c53fa6b80a020cfe932c27cdbb710bef329f30e7f894bbcaaf3cfbb67a9b720844c14636ccf92615f27f0d7368fc3e9

    • SSDEEP

      1536:nyZhxMtiic0kIC0QVX0eCFy5CP9UvxQY2t3abISd/dt+gwthopVbSXeAtEHA:nyJdy1QN0eCFyIm2qbISUztXFtuA

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks