General

  • Target

    ca903db5937df9416b5fb9cf7b915f9933b1b69781af2224813f494e77cf5accN

  • Size

    120KB

  • Sample

    241110-w93lrssgmg

  • MD5

    c4509350810f154a9a573721c34f1fe0

  • SHA1

    00daf53a8c492abe04ea1c688e1e436b51e88a21

  • SHA256

    ca903db5937df9416b5fb9cf7b915f9933b1b69781af2224813f494e77cf5acc

  • SHA512

    b4e31e4cc67865b6c99d33122be134b09db3f47e3adb8e40fc468c2d99978c3a3c9093795fadd5023e758bda1ca068e70627f41ab9ba77a4022ca7d1ab35b493

  • SSDEEP

    3072:hy7pOQSt5xSVgHTD8R/Gf02eUJGWBEzlJo:hydOBt2ID8xGf1LBB6o

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      ca903db5937df9416b5fb9cf7b915f9933b1b69781af2224813f494e77cf5accN

    • Size

      120KB

    • MD5

      c4509350810f154a9a573721c34f1fe0

    • SHA1

      00daf53a8c492abe04ea1c688e1e436b51e88a21

    • SHA256

      ca903db5937df9416b5fb9cf7b915f9933b1b69781af2224813f494e77cf5acc

    • SHA512

      b4e31e4cc67865b6c99d33122be134b09db3f47e3adb8e40fc468c2d99978c3a3c9093795fadd5023e758bda1ca068e70627f41ab9ba77a4022ca7d1ab35b493

    • SSDEEP

      3072:hy7pOQSt5xSVgHTD8R/Gf02eUJGWBEzlJo:hydOBt2ID8xGf1LBB6o

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks