General

  • Target

    5a3f09556d2e882f297aeeefbc1c9f4a4e134619346d4572e46d8e8209461cc3N.exe

  • Size

    120KB

  • Sample

    241218-3e3fvawqat

  • MD5

    76bf3fcf4a0f2fe419184c256d6b8c00

  • SHA1

    177db3dd3dba0107bf2b2c384f001d698c7a1b57

  • SHA256

    5a3f09556d2e882f297aeeefbc1c9f4a4e134619346d4572e46d8e8209461cc3

  • SHA512

    2372f0f2966975ec11b239b881cf5524294bd38ff77ca6d76a27995620ce66155aeba4d234886bbe9ef68c411dc1be3d00821b182c96084ec0da9b0ecadf80f6

  • SSDEEP

    1536:21wWIdV9BfHvEqFjJVylnjFn6apvtq0bckiobDlYLbxP6d6wipHUNdcUiulfQ:26WIdV9BfHcF5jd1nQkiQUFg0mf

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      5a3f09556d2e882f297aeeefbc1c9f4a4e134619346d4572e46d8e8209461cc3N.exe

    • Size

      120KB

    • MD5

      76bf3fcf4a0f2fe419184c256d6b8c00

    • SHA1

      177db3dd3dba0107bf2b2c384f001d698c7a1b57

    • SHA256

      5a3f09556d2e882f297aeeefbc1c9f4a4e134619346d4572e46d8e8209461cc3

    • SHA512

      2372f0f2966975ec11b239b881cf5524294bd38ff77ca6d76a27995620ce66155aeba4d234886bbe9ef68c411dc1be3d00821b182c96084ec0da9b0ecadf80f6

    • SSDEEP

      1536:21wWIdV9BfHvEqFjJVylnjFn6apvtq0bckiobDlYLbxP6d6wipHUNdcUiulfQ:26WIdV9BfHcF5jd1nQkiQUFg0mf

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks