General

  • Target

    a4adfed926279486639691750d3da683548b108ff8631ba3abb457b1323ec928

  • Size

    65KB

  • Sample

    241117-jzy5dazkcp

  • MD5

    d66f3c645f58b64bc55e4ce62fbe08c0

  • SHA1

    afc8e9252edaecfd997f16676b3924824b20359d

  • SHA256

    a4adfed926279486639691750d3da683548b108ff8631ba3abb457b1323ec928

  • SHA512

    5d26b95027b67d3cef772f6383d56b13f9aa0215f75c3789c99eaf80f63950542ff4d59e1a8baafa8d07358670e0e9d34065b8e0ed281a44465a0a5a4c7c8ba3

  • SSDEEP

    768:AqW5JlyUJzjzA3Jvpxs15ej38+Yrjoj5gKHPYZC7j2UoX/qQj7LJLufNKaIXV3M:Asao65Q31Yrkj5g0gZABEJLuhIXW

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      a4adfed926279486639691750d3da683548b108ff8631ba3abb457b1323ec928

    • Size

      65KB

    • MD5

      d66f3c645f58b64bc55e4ce62fbe08c0

    • SHA1

      afc8e9252edaecfd997f16676b3924824b20359d

    • SHA256

      a4adfed926279486639691750d3da683548b108ff8631ba3abb457b1323ec928

    • SHA512

      5d26b95027b67d3cef772f6383d56b13f9aa0215f75c3789c99eaf80f63950542ff4d59e1a8baafa8d07358670e0e9d34065b8e0ed281a44465a0a5a4c7c8ba3

    • SSDEEP

      768:AqW5JlyUJzjzA3Jvpxs15ej38+Yrjoj5gKHPYZC7j2UoX/qQj7LJLufNKaIXV3M:Asao65Q31Yrkj5g0gZABEJLuhIXW

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks