General

  • Target

    db93ce71516473cb4313fd518894849bd3ab36b02efc256f8069306a8b1f06c1N.exe

  • Size

    120KB

  • Sample

    241215-1kmlgaxrgz

  • MD5

    4bd92a582168cff219e84f898f227c80

  • SHA1

    d0ed74cf500e8410d6ba0bb183baf08d6636fb6b

  • SHA256

    db93ce71516473cb4313fd518894849bd3ab36b02efc256f8069306a8b1f06c1

  • SHA512

    efffa5d86ed2f58c97297f74b999fa5a9ed51788b6ba3e6421b03bb61e182078406585a5f7a5e42efb2675d500ba5d2b5bee3c8f23318fe2da3b5a327fd5d965

  • SSDEEP

    3072:hwReFh3p38sVa3dH3KJavU2h+KJPNTsUo1T:2ReFh3ppVaN/vU2FZna

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      db93ce71516473cb4313fd518894849bd3ab36b02efc256f8069306a8b1f06c1N.exe

    • Size

      120KB

    • MD5

      4bd92a582168cff219e84f898f227c80

    • SHA1

      d0ed74cf500e8410d6ba0bb183baf08d6636fb6b

    • SHA256

      db93ce71516473cb4313fd518894849bd3ab36b02efc256f8069306a8b1f06c1

    • SHA512

      efffa5d86ed2f58c97297f74b999fa5a9ed51788b6ba3e6421b03bb61e182078406585a5f7a5e42efb2675d500ba5d2b5bee3c8f23318fe2da3b5a327fd5d965

    • SSDEEP

      3072:hwReFh3p38sVa3dH3KJavU2h+KJPNTsUo1T:2ReFh3ppVaN/vU2FZna

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks