General

  • Target

    45638396c0b3e7b7021189c2f5e15f261cb2e23d086d765b28fdbdc762bc961cN.exe

  • Size

    120KB

  • Sample

    241217-qbr5gs1kgk

  • MD5

    b6ce7c3172fddb028cfddb1e35a9bf00

  • SHA1

    f722e052fd534866af0cbf44e8a7f7d5c31c1b25

  • SHA256

    45638396c0b3e7b7021189c2f5e15f261cb2e23d086d765b28fdbdc762bc961c

  • SHA512

    bf8fa40d84e2c2c86704eac4dc71f7b7181097d744ab339081f1a6a900194903bceffa1f9af80f23d262667e5e29ea94df3412774123367a3cde4a23d5a78089

  • SSDEEP

    3072:zdpHLGyQBVcoHoMcv0+dtsyHRd1wnEyXee:fLW2KoMA0+dtLXOnfx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
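The four C2 URLs above are the immediately actionable part of this report. The following is an added example (not part of the sandbox report) of turning them into a proxy-log check: the URLs are copied from the extracted config; the Squid-style log lines, the non-C2 host names, and the function names are constructed for the example. The matcher compares the host exactly (so a look-alike such as a longer domain ending in the C2 name does not match) and treats an IOC ending in "/" as a directory prefix, so a fetch beneath /testo5/ is still caught.

```python
"""Match the Sality C2 URLs from the extracted config against web-proxy logs.

Added example, not part of the sandbox report: the four URLs are copied from
the report; the Squid-style log lines, host names other than the C2s, and the
helper names are constructed for the example."""
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the report's extracted config.
SALITY_C2 = (
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
)

# Constructed Squid access.log lines:
# time elapsed client status size method url user hierarchy type
SAMPLE_LOG = """\
1734400000.101  123 10.0.0.12 TCP_MISS/200 512 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.7 image/gif
1734400001.202   88 10.0.0.15 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/198.51.100.1 text/html
1734400002.303  150 10.0.0.12 TCP_MISS/404 300 GET http://89.119.67.154/testo5/abc.bin - HIER_DIRECT/89.119.67.154 text/html
1734400003.404   77 10.0.0.20 TCP_MISS/200 512 GET http://KUKUTRUSTNET987.INFO/home.gif - HIER_DIRECT/203.0.113.9 image/gif
1734400004.505   60 10.0.0.21 TCP_MISS/200 100 GET http://kukutrustnet777.info.example.net/home.gif - HIER_DIRECT/203.0.113.5 text/html
"""


def url_matches_ioc(url, ioc):
    """Exact host match (no suffix tricks); path exact, or prefix when the IOC is a directory."""
    try:
        req, known = urlsplit(url), urlsplit(ioc)
    except ValueError:
        return False
    if not req.hostname or req.hostname.lower() != known.hostname.lower():
        return False
    if known.path.endswith("/"):
        return req.path.startswith(known.path)
    return req.path == known.path


def scan_proxy_log(log_text, iocs=SALITY_C2):
    """Return (client, url, matched_ioc) for every log line that hits a C2 URL."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # not a well-formed access.log line
        client, url = fields[2], fields[6]
        for ioc in iocs:
            if url_matches_ioc(url, ioc):
                hits.append((client, url, ioc))
                break
    return hits


if __name__ == "__main__":
    for client, url, ioc in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {url}  (matches {ioc})")
```

Running the script over the constructed log reports three hits (two from 10.0.0.12, one from 10.0.0.20) and ignores both the benign request and the look-alike host.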

Targets

    • Target

      45638396c0b3e7b7021189c2f5e15f261cb2e23d086d765b28fdbdc762bc961cN.exe

    • Size

      120KB

    • MD5

      b6ce7c3172fddb028cfddb1e35a9bf00

    • SHA1

      f722e052fd534866af0cbf44e8a7f7d5c31c1b25

    • SHA256

      45638396c0b3e7b7021189c2f5e15f261cb2e23d086d765b28fdbdc762bc961c

    • SHA512

      bf8fa40d84e2c2c86704eac4dc71f7b7181097d744ab339081f1a6a900194903bceffa1f9af80f23d262667e5e29ea94df3412774123367a3cde4a23d5a78089

    • SSDEEP

      3072:zdpHLGyQBVcoHoMcv0+dtsyHRd1wnEyXee:fLW2KoMA0+dtLXOnfx

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
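The "UPX packed file" signature above covers both stock UPX and modified builds that rename their sections. As an added example (not the sandbox's own detector, and making no claim about how it identifies this particular sample), the code below shows the three checks a practitioner would combine for that: the UPX0/UPX1 section names, the "UPX!" info-header marker that UPX leaves after the section table, and a layout heuristic that survives renaming (an empty first section that serves as the unpack destination, with the entry point in a later section). The PE images it analyses are constructed header-only test data; the parser, the heuristic thresholds, and all function names are assumptions for the example.

```python
"""UPX-packing check for a PE file, added here as an illustration of the
report's "UPX packed file" signature. This is example code, not the
sandbox's own detector; the heuristics and the constructed PE images
are assumptions for the example, not facts about the sample above."""
import struct

SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data):
    """Return entry point RVA, section headers and the offset where the header area ends."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint (PE32 and PE32+)
    table = opt + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, va, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "va": va, "vsize": vsize, "rsize": rsize})
    return {"entry": entry, "sections": sections, "header_end": table + 40 * nsections}


def detect_upx(data):
    """Flag UPX packing by section names, the UPX! marker, or UPX's section layout."""
    pe = parse_pe(data)
    secs = pe["sections"]
    reasons = []
    # 1. Stock UPX names its sections UPX0/UPX1/UPX2.
    if any(s["name"].upper().startswith("UPX") for s in secs):
        reasons.append("upx_section_names")
    # 2. UPX leaves its "UPX!" info header in the header padding after the section table.
    tail = data[pe["header_end"]:pe["header_end"] + 0x200]
    if b"UPX!" in tail:
        reasons.append("upx_magic")
    # 3. Layout heuristic that survives renamed sections (modified UPX): the first
    #    section is the unpack destination (no raw data, large virtual size) and the
    #    entry point sits in a later section holding the packed data plus stub.
    if secs:
        first = secs[0]
        entry_sec = next((s for s in secs if s["va"] <= pe["entry"] < s["va"] + s["vsize"]), None)
        if first["rsize"] == 0 and first["vsize"] > 0 and entry_sec is not None and entry_sec is not first:
            reasons.append("upx_structure")
    return {"packed": bool(reasons), "reasons": reasons}


def build_pe(sections, entry_point, trailer=b""):
    """Build a minimal PE32 header-only image (constructed test data, not a real binary).
    sections: (name, virtual_address, virtual_size, raw_size) tuples."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 224
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)         # PE32 magic
    struct.pack_into("<I", opt, 16, entry_point)  # AddressOfEntryPoint
    table, raw_ptr = b"", 0x400
    for name, va, vsize, rsize in sections:
        table += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"), vsize, va, rsize,
                             raw_ptr if rsize else 0, 0, 0, 0, 0, 0x60000020)
        raw_ptr += rsize
    return dos + b"PE\0\0" + coff + bytes(opt) + table + trailer


# Constructed images: stock UPX layout, a renamed ("modified UPX") layout, and a normal binary.
SAMPLES = {
    "canonical": build_pe([("UPX0", 0x1000, 0x10000, 0), ("UPX1", 0x11000, 0x5000, 0x4000),
                           (".rsrc", 0x16000, 0x1000, 0x400)], 0x14000, trailer=b"UPX!" + b"\0" * 12),
    "renamed": build_pe([(".text", 0x1000, 0x10000, 0), (".data", 0x11000, 0x5000, 0x4000),
                         (".rsrc", 0x16000, 0x1000, 0x400)], 0x14000),
    "normal": build_pe([(".text", 0x1000, 0x3000, 0x3000), (".data", 0x4000, 0x1000, 0x200),
                        (".rsrc", 0x5000, 0x1000, 0x400)], 0x1200),
}

if __name__ == "__main__":
    for label, image in SAMPLES.items():
        print(label, detect_upx(image))
```

The stock layout trips all three checks, the renamed layout is caught only by the structural heuristic, and the ordinary binary (non-empty first section containing the entry point) is not flagged. Against a real file, read it in binary mode and pass the bytes to detect_upx; treat "upx_structure" on its own as a lead to confirm with entropy or an unpacking attempt rather than a verdict.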

MITRE ATT&CK Enterprise v15

Tasks