General

  • Target

    474d2babb0c6a3db591ebe1ba0e3319816c197d4f4ee17967f3a3e97b13e3e0b

  • Size

    409KB

  • Sample

    241112-1k4jzsvpaq

  • MD5

    c363f6ff4a7827f0361df2e40ff059df

  • SHA1

    eb6581a9e23660fdb63dbb7b1c85e8ef42c14003

  • SHA256

    474d2babb0c6a3db591ebe1ba0e3319816c197d4f4ee17967f3a3e97b13e3e0b

  • SHA512

    2339be80b091d94b85ebff304c776c078a9246e3db2d9af3e4555471ceddf07875fed78eba7cdd37d64f5b0340aa3bf9c20dc905b7e2a61e929a8f17cca07ce7

  • SSDEEP

    3072:PGGgeOxL86PcvgKOEtgvZPITucCTiMSBEK1Ier5jslcnsG4/:OIOxLfPcvgKVUZQqcCT6HB9lDC

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      474d2babb0c6a3db591ebe1ba0e3319816c197d4f4ee17967f3a3e97b13e3e0b

    • Size

      409KB

    • MD5

      c363f6ff4a7827f0361df2e40ff059df

    • SHA1

      eb6581a9e23660fdb63dbb7b1c85e8ef42c14003

    • SHA256

      474d2babb0c6a3db591ebe1ba0e3319816c197d4f4ee17967f3a3e97b13e3e0b

    • SHA512

      2339be80b091d94b85ebff304c776c078a9246e3db2d9af3e4555471ceddf07875fed78eba7cdd37d64f5b0340aa3bf9c20dc905b7e2a61e929a8f17cca07ce7

    • SSDEEP

      3072:PGGgeOxL86PcvgKOEtgvZPITucCTiMSBEK1Ier5jslcnsG4/:OIOxLfPcvgKVUZQqcCT6HB9lDC

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks