General

  • Target

    e1f66f7348a2ceda87f7dd5af3901aa5e89ee97fa669153226628fc558a3293a.exe

  • Size

    120KB

  • Sample

    241217-htqelsvkan

  • MD5

    0210cbc4b6d66022efb805cbae0f1ca8

  • SHA1

    27d7f3a7c6bd9fca35d4217854bf728531c2109f

  • SHA256

    e1f66f7348a2ceda87f7dd5af3901aa5e89ee97fa669153226628fc558a3293a

  • SHA512

    027ada9af5e37bfd4fbdd80648c4ebd248348e572fe318b9bd8a6a3ea44e2ad164a1a94f1f6ebfc7c096ea731fbb769b63de87f11b07755db4bb676d3e9389e6

  • SSDEEP

    3072:SRNVJyy4a0n05O8O0k8zvyEOzRJBgfjDI9k+X:SRfJx5nBk84gbQ

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      e1f66f7348a2ceda87f7dd5af3901aa5e89ee97fa669153226628fc558a3293a.exe

    • Size

      120KB

    • MD5

      0210cbc4b6d66022efb805cbae0f1ca8

    • SHA1

      27d7f3a7c6bd9fca35d4217854bf728531c2109f

    • SHA256

      e1f66f7348a2ceda87f7dd5af3901aa5e89ee97fa669153226628fc558a3293a

    • SHA512

      027ada9af5e37bfd4fbdd80648c4ebd248348e572fe318b9bd8a6a3ea44e2ad164a1a94f1f6ebfc7c096ea731fbb769b63de87f11b07755db4bb676d3e9389e6

    • SSDEEP

      3072:SRNVJyy4a0n05O8O0k8zvyEOzRJBgfjDI9k+X:SRfJx5nBk84gbQ

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks