General

  • Target

    042024c76226589483949368d0c8852e537170bec8d9026bcd21f086324fdf9c.exe

  • Size

    5.0MB

  • Sample

    241218-3nljpaxqdn

  • MD5

    a92b443dc582169834a6b539e850f3da

  • SHA1

    1bdddf8857f07fc59121d8e062fd02ae0468d111

  • SHA256

    042024c76226589483949368d0c8852e537170bec8d9026bcd21f086324fdf9c

  • SHA512

    f9ba4e53dcf9484f3bd6912fda1537a66defefbe010101fff5aa4f07791910ec10178b56175cb45cd0273d6235008a37869243f981df0c0a6c2f046741657d39

  • SSDEEP

    98304:gqTQ5IvXDChYELUJkTWV+r6zT0o4f1TzGOnfFbAhNNSWwyvYKM8S:RTQ5IvXDCOMU+TZ6zgPbAhNmyvYn

Malware Config

Extracted

Family

sality

C2


Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
