General

  • Target

    b7c45b559fc72a4b7134a4a308caf366aa990aec43f33a96f1bc1ac42e9e7130N.exe

  • Size

    120KB

  • Sample

    241217-z1bcpsxrfw

  • MD5

    1430f96da6630ed645c10a89e2ad3fa0

  • SHA1

    70c1b3e4676f98017fded905121995a1cf7a607d

  • SHA256

    b7c45b559fc72a4b7134a4a308caf366aa990aec43f33a96f1bc1ac42e9e7130

  • SHA512

    7788bea75e68c629a164c3a6b9c060282e7699bb52e8edd906b1357e8c0fc0c702602f5a610a5633d11cfa8c825d4db436ff809dbae52144b577dae09923b5a4

  • SSDEEP

    1536:nteWGbTI21kNVKvLOLgtznu/qT5syoj4oygV26nUOVUtsSkqV4PVIDrh:nubE2a7ZUwqT+bEHgVvUaa463

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      b7c45b559fc72a4b7134a4a308caf366aa990aec43f33a96f1bc1ac42e9e7130N.exe

    • Size

      120KB

    • MD5

      1430f96da6630ed645c10a89e2ad3fa0

    • SHA1

      70c1b3e4676f98017fded905121995a1cf7a607d

    • SHA256

      b7c45b559fc72a4b7134a4a308caf366aa990aec43f33a96f1bc1ac42e9e7130

    • SHA512

      7788bea75e68c629a164c3a6b9c060282e7699bb52e8edd906b1357e8c0fc0c702602f5a610a5633d11cfa8c825d4db436ff809dbae52144b577dae09923b5a4

    • SSDEEP

      1536:nteWGbTI21kNVKvLOLgtznu/qT5syoj4oygV26nUOVUtsSkqV4PVIDrh:nubE2a7ZUwqT+bEHgVvUaa463

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks