General

  • Target

    17afab41ce7c42e19997f1b00d38676028752594c41e8975cf033f4d8641a2a6.exe

  • Size

    120KB

  • Sample

    241218-2enr1svkfy

  • MD5

    e5727499423bad7385bc6015935f0c3e

  • SHA1

    3f9c731f3a59adec1f6fb92ca3b1d0d4b94b6826

  • SHA256

    17afab41ce7c42e19997f1b00d38676028752594c41e8975cf033f4d8641a2a6

  • SHA512

    887314f5ede720fb6b439fa280c2a2594210a478934ff022be0c63148bd154010102d956eed8c55b551d63ebc7c5caa5afa4ccb8a09bce56e183b12435aa12c7

  • SSDEEP

    3072:/Rd1YU0RnXLo0SmMGZSubsbenBdKbCe2HH:ZdjQnXLkmpaeBU+e2n

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks