General

  • Target

    766ad1604235763431c502e7b5ad0aa3b0f35753dc4dee0b655b385d59ed878a

  • Size

    120KB

  • Sample

    241217-31vccsvmbn

  • MD5

    8990526710c4a5468b85a54a3e7cde6c

  • SHA1

    1cc39153a8badde651f62158ac2cb3433ad6afd8

  • SHA256

    766ad1604235763431c502e7b5ad0aa3b0f35753dc4dee0b655b385d59ed878a

  • SHA512

    e23a118bfbf20a62dc92811cd7dd0c54eda1ad9afc3e1e60ec484b06ced399ac2fd671cd96b33385064abc0a32bb721c058129a71c0494d628ad6d6301321d53

  • SSDEEP

    1536:vx94sbeY6niLzwOZlDbhV7DcxTQsnjzdgOktz3CMd0DPUDKdGVIKLymIrjzs2VK2:vxeKeY6niowaVjPI7CPbUD8GHLg

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks