General

  • Target: 096aa4a879abe779a2fb5b4876e39b741d0b579f0d6b52851f92f9d6048a4c99.exe
  • Size: 120KB
  • Sample: 241218-a3gj3avmfs
  • MD5: 3142c05abb2466d03a2745044c24ab87
  • SHA1: 1635996aee86c6bcf18c912dcf7d11a4bec38dd4
  • SHA256: 096aa4a879abe779a2fb5b4876e39b741d0b579f0d6b52851f92f9d6048a4c99
  • SHA512: b47e3c362238af6025fe4e2c9ed07c662967b3e2c6289a22261e98d51eec6ff04813531ad85ba784331b82b455b9368a8982c79832b29c1ba730631c8edc4e12
  • SSDEEP: 3072:MkUaDkjCbY0yj6jpS7UA4gMUa81JzoQOkhV:MkUaDk90k7UAbMUayhoLkhV

Malware Config

Extracted

  • Family: sality
  • C2:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif

Targets

    • Target: 096aa4a879abe779a2fb5b4876e39b741d0b579f0d6b52851f92f9d6048a4c99.exe (120KB)

    • Modifies firewall policy service
    • Sality: Sality is a backdoor written in C++, first discovered in 2003.
    • Sality family
    • UAC bypass
    • Windows security bypass
    • Executes dropped EXE
    • Loads dropped DLL
    • Windows security modification
    • Checks whether UAC is enabled
    • Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
    • UPX packed file: Detects executables packed with UPX or a modified UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks