General

  • Target

    486eb3e6d7b2b2e74c22c63c17b908d1aa63204392c771903de6d3888b9685c1N.exe

  • Size

    1.3MB

  • Sample

    241205-1nv21stlas

  • MD5

    cd91c825d482580dd2f4a00d76a78690

  • SHA1

    c24649f329f58bd181eb019c58c6a60580817014

  • SHA256

    486eb3e6d7b2b2e74c22c63c17b908d1aa63204392c771903de6d3888b9685c1

  • SHA512

    b76cd9973ca501d8c5b9855bee1a7604e705965828b09ed0a617f72131674165e0e42dd5d047f373483aa0f310b4b424d064176728355d3cdaa49ddd26ecb900

  • SSDEEP

    24576:wQJFy0QEUAHAFAA9uhI0QKMKapBBW00SL5V0EBIO:tquhxpt6BBW0/9zSO

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      486eb3e6d7b2b2e74c22c63c17b908d1aa63204392c771903de6d3888b9685c1N.exe

    • Size

      1.3MB

    • MD5

      cd91c825d482580dd2f4a00d76a78690

    • SHA1

      c24649f329f58bd181eb019c58c6a60580817014

    • SHA256

      486eb3e6d7b2b2e74c22c63c17b908d1aa63204392c771903de6d3888b9685c1

    • SHA512

      b76cd9973ca501d8c5b9855bee1a7604e705965828b09ed0a617f72131674165e0e42dd5d047f373483aa0f310b4b424d064176728355d3cdaa49ddd26ecb900

    • SSDEEP

      24576:wQJFy0QEUAHAFAA9uhI0QKMKapBBW00SL5V0EBIO:tquhxpt6BBW0/9zSO

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks