General

  • Target

    5cdb87e908174caf73b12b6ab549c6254d75c3de4d2d80cd9d6d1f5cd2f37684

  • Size

    84KB

  • Sample

    241217-2w85aa1pbx

  • MD5

    abd64ef388dfd96f20ab51b6306acc22

  • SHA1

    3daf9dde1bfc9090697eaaece2e6768f01f3ee4c

  • SHA256

    5cdb87e908174caf73b12b6ab549c6254d75c3de4d2d80cd9d6d1f5cd2f37684

  • SHA512

    de02a043a7c3ea1a7e18878f99670c6e6bdb5a622a885b702588d0977649aa72cc104b7a80a91d1a2e6cb840fb7213001f3f59dcb1ea629f5cdeef708b01fc17

  • SSDEEP

    1536:iwhgVqmSmSlOulxCEa0D0NjIUT0qW0k9PBO3mG2wU3DuDim/iOp5+Q:ilVqmYlgcDvFCmG2wU3DbmBUQ

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks