General

  • Target

    b4ca59b193590310ca0cc22fc5018436f0d2a11e4dac5062f08bc843b0d52051N.exe

  • Size

    120KB

  • Sample

    241218-3gb2nsxnan

  • MD5

    6822cd5469c25c382072458b053a95c0

  • SHA1

    374acaa4f173ccb2b9daad15bf14d61cc35680b8

  • SHA256

    b4ca59b193590310ca0cc22fc5018436f0d2a11e4dac5062f08bc843b0d52051

  • SHA512

    e26666bc769d4945b6ee7b924b189aca746ae8154badf5fe12e05d4834962b35f2ebfc6255e703e415a34d85fdffeac828e7da02ac6a5fdc5ce6b9c7edf7d954

  • SSDEEP

    1536:B3uvRxZMssQJDfxWjM7zmIcxufUv8OTaSCWsmhRFgBP9/st1Aev+bLAawYei:tuv3hMj8zmffvPTfsmXF0Rstj+Lx9ei

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      b4ca59b193590310ca0cc22fc5018436f0d2a11e4dac5062f08bc843b0d52051N.exe

    • Size

      120KB

    • MD5

      6822cd5469c25c382072458b053a95c0

    • SHA1

      374acaa4f173ccb2b9daad15bf14d61cc35680b8

    • SHA256

      b4ca59b193590310ca0cc22fc5018436f0d2a11e4dac5062f08bc843b0d52051

    • SHA512

      e26666bc769d4945b6ee7b924b189aca746ae8154badf5fe12e05d4834962b35f2ebfc6255e703e415a34d85fdffeac828e7da02ac6a5fdc5ce6b9c7edf7d954

    • SSDEEP

      1536:B3uvRxZMssQJDfxWjM7zmIcxufUv8OTaSCWsmhRFgBP9/st1Aev+bLAawYei:tuv3hMj8zmffvPTfsmXF0Rstj+Lx9ei

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks