General

  • Target

    b9ed28fcb4cb8b40e0b10f627db9add960f129b013bdc55ed77e93d234cfb4cdN.exe

  • Size

    194KB

  • Sample

    241218-a15h4svmbx

  • MD5

    f308e5e05010a58177bc9157a5eff140

  • SHA1

    2720b76d2810dcdabde895ba8d583b11c8d2eba1

  • SHA256

    b9ed28fcb4cb8b40e0b10f627db9add960f129b013bdc55ed77e93d234cfb4cd

  • SHA512

    af4b6bfa2cf5bb09429eb2ef13453796eda8d52728e2c6384cf9e6b0f1a04ab2f0cf344586788a89b8f4f3aca499f74d7a473bc3e0c733471dc93a47a4370398

  • SSDEEP

    6144:iNSDyDIkFthpNTeF9sQKprqd9tEOdVv9HZHZ0S8Pie:KSDyTFtjdc9sQapOT9Hf0zPie

Malware Config

Extracted

Family

sality

C2


Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Windows security modification

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15