General

  • Target

    270486a14b13b411325508cd1dd8ed7d3efe91e1c54828b63756a1904c3bf719.exe

  • Size

    499KB

  • Sample

    241218-1ktpsaspbx

  • MD5

    513adbaff9834e9531b99707b51849ba

  • SHA1

    9480449adcdd288e6b2331284838de464479111b

  • SHA256

    270486a14b13b411325508cd1dd8ed7d3efe91e1c54828b63756a1904c3bf719

  • SHA512

    f073ba08e5272372211899b54aeee9b75a66f92ad441821797c90660aae252bea4c86a351110b2963fe5e80076b49e859594171bafe91346b2a8635d6e714518

  • SSDEEP

    6144:P0IEu0/l7rUdoqWMvjcw3sWSAoITM+NPUHFWna2Wb8dzLSAHRI5jq:u79qXvjRc5AoIY+NPUlWna8QD5O

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      270486a14b13b411325508cd1dd8ed7d3efe91e1c54828b63756a1904c3bf719.exe

    • Size

      499KB

    • MD5

      513adbaff9834e9531b99707b51849ba

    • SHA1

      9480449adcdd288e6b2331284838de464479111b

    • SHA256

      270486a14b13b411325508cd1dd8ed7d3efe91e1c54828b63756a1904c3bf719

    • SHA512

      f073ba08e5272372211899b54aeee9b75a66f92ad441821797c90660aae252bea4c86a351110b2963fe5e80076b49e859594171bafe91346b2a8635d6e714518

    • SSDEEP

      6144:P0IEu0/l7rUdoqWMvjcw3sWSAoITM+NPUHFWna2Wb8dzLSAHRI5jq:u79qXvjRc5AoIY+NPUlWna8QD5O

    • Modifies firewall policy service

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Ramnit family

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks