General

  • Target

    3f33f14369c3c6559df85e5548049c1b643a96f6cec8d0ccc5510ee5527d08faN

  • Size

    120KB

  • Sample

    241110-tzqs4s1bra

  • MD5

    877ccc1c790f7d296afff2f974812bb0

  • SHA1

    2d96082c19a009b2b854e37310d2fa614c2bf54b

  • SHA256

    3f33f14369c3c6559df85e5548049c1b643a96f6cec8d0ccc5510ee5527d08fa

  • SHA512

    08486a5169d32eff571af11218e00bf5710bce57edf2182523281cd406f5b9646ecc2a880c7fe516b26963ec1bb289622d0e51927c99841fd6918a0ecf3620f7

  • SSDEEP

    3072:s8AbT3UEbWCWqhNbCH236tcaBZTbpvQkrn:ZAHUEi6hNL3wcMQk

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      3f33f14369c3c6559df85e5548049c1b643a96f6cec8d0ccc5510ee5527d08faN

    • Size

      120KB

    • MD5

      877ccc1c790f7d296afff2f974812bb0

    • SHA1

      2d96082c19a009b2b854e37310d2fa614c2bf54b

    • SHA256

      3f33f14369c3c6559df85e5548049c1b643a96f6cec8d0ccc5510ee5527d08fa

    • SHA512

      08486a5169d32eff571af11218e00bf5710bce57edf2182523281cd406f5b9646ecc2a880c7fe516b26963ec1bb289622d0e51927c99841fd6918a0ecf3620f7

    • SSDEEP

      3072:s8AbT3UEbWCWqhNbCH236tcaBZTbpvQkrn:ZAHUEi6hNL3wcMQk

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks