General

  • Target

    add4cb9a3703276234a7ed01856a3e27eca8d3020af799d4b4f5cf262cee9403N.exe

  • Size

    120KB

  • Sample

    241215-3lmc7ssnfy

  • MD5

    0db980c729bbe020a9cba9b9be55b240

  • SHA1

    5234789f30ba143496d358bf8984b77553630679

  • SHA256

    add4cb9a3703276234a7ed01856a3e27eca8d3020af799d4b4f5cf262cee9403

  • SHA512

    e2d9220ca6bc171d280a3b6f398ee65299451a832e84edf29d48922ed9877d23e7bd7fefa492d4010d83cbd651423cd17491adb8f74d88d7b9fbf1c3cbe2746b

  • SSDEEP

    3072:fwksE/5ya0RBpWco/9yGreKRjrg1QFBNWDgYRRL7:fUaytu/9yGeKZg7fT

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      add4cb9a3703276234a7ed01856a3e27eca8d3020af799d4b4f5cf262cee9403N.exe

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks