General

  • Target

    152c7b6bbb28d3a6bb82db25c979a325689c83f2f8b5859784566e7cef08e634.exe

  • Size

    120KB

  • Sample

    241218-2h8llavmbw

  • MD5

    23bda8ab0a97da69f454b3fb2ee3c927

  • SHA1

    385130ef11cd0689da7ab4ace23c5a45cf9fd76e

  • SHA256

    152c7b6bbb28d3a6bb82db25c979a325689c83f2f8b5859784566e7cef08e634

  • SHA512

    15e46b5e0d6a2b33a973e215e3bc032a5a4096d4b0a1e4a610937268f984d8f3bd084cfce4856ebe86ec43ba7fb4ebb9ee613a7fb294ffe151190f0145cf4f6d

  • SSDEEP

    1536:B3uvRxZMssQJDfxWjM7zmIcxufUv8OTaSCWsmhRFgBP9/st1Aev+bLAawYeih:tuv3hMj8zmffvPTfsmXF0Rstj+Lx9eih

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks