General

  • Target

    0fcffe39fa3e4b8f6010666ba24c18ddbd2d565ee4949979e24db3e3dac52b90N.exe

  • Size

    120KB

  • Sample

    241218-3nmfzsxqdq

  • MD5

    cfe7a9a27fe96875a2243b167305dc70

  • SHA1

    5c88e967bc5ed3e0aef100943c86627784ed798d

  • SHA256

    0fcffe39fa3e4b8f6010666ba24c18ddbd2d565ee4949979e24db3e3dac52b90

  • SHA512

    4acedfde8fb90553864a02484fbad96bb97823a7fd9ed4b4a6cce4a2925601603d794cf3f8c4705149067429c725ffbf0284dfa9684e5e53567009be81538411

  • SSDEEP

    1536:djse0fRGwfJBkSbO8+7OQKwKk+ZzOXdwYh5ts0CQN+Sa3ish189uYc8g:dj8f04JBs8LcKkqKdwkA0CQN+Sax78

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      0fcffe39fa3e4b8f6010666ba24c18ddbd2d565ee4949979e24db3e3dac52b90N.exe

    • Size

      120KB

    • MD5

      cfe7a9a27fe96875a2243b167305dc70

    • SHA1

      5c88e967bc5ed3e0aef100943c86627784ed798d

    • SHA256

      0fcffe39fa3e4b8f6010666ba24c18ddbd2d565ee4949979e24db3e3dac52b90

    • SHA512

      4acedfde8fb90553864a02484fbad96bb97823a7fd9ed4b4a6cce4a2925601603d794cf3f8c4705149067429c725ffbf0284dfa9684e5e53567009be81538411

    • SSDEEP

      1536:djse0fRGwfJBkSbO8+7OQKwKk+ZzOXdwYh5ts0CQN+Sa3ish189uYc8g:dj8f04JBs8LcKkqKdwkA0CQN+Sax78

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks