General

  • Target

    cefc82a274702a2b151c3e1d23d21eafd58ac93c37fc68de784fb34926a71cbfN.exe

  • Size

    97KB

  • Sample

    241218-a9w84avqaw

  • MD5

    f5a64358a7996b82fec32f8b5fda7b70

  • SHA1

    212001670df63d7e27743876e8bceae0a5861add

  • SHA256

    cefc82a274702a2b151c3e1d23d21eafd58ac93c37fc68de784fb34926a71cbf

  • SHA512

    3a1208cd37fa9c5dad734079429c61c067467d6ec038703d75035a337579499bf4db06784643ae8d46d7f09ace78bc15f70100573249a6facea63842400cfce6

  • SSDEEP

    1536:koSVM8HWslsZ/Fu9d/lFXFUJ7n5PomhAf:koq/TKlyhLXmTi

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
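A triage check for the extracted C2 indicators, as an added example that is not part of the sandbox report: it splits the four C2 URLs above into host indicators and host-plus-path indicators, then matches them against a few constructed proxy log lines. The Squid-like log format, the client addresses and the benign and look-alike hosts are assumptions made for the example, not data from the report.

```python
import re
from urllib.parse import urlsplit

# C2 URLs exactly as extracted from the sample's Sality configuration above.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed proxy log lines (assumed format: ts client method url status);
# none of these come from the report.
SAMPLE_PROXY_LOG = """\
1734480001 10.0.0.15 GET http://kukutrustnet777.info/home.gif 200
1734480002 10.0.0.15 GET http://www.example.org/index.html 200
1734480003 10.0.0.22 GET http://89.119.67.154/testo5/ 404
1734480004 10.0.0.22 CONNECT kukutrustnet888.info:443 200
1734480005 10.0.0.31 GET http://kukutrustnet777.info.example.net/home.gif 200
1734480006 10.0.0.15 GET http://cdn.kukutrustnet987.info/other.gif 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def build_ioc_sets(urls):
    """Split C2 URLs into host indicators and (host, path) indicators.

    A host-only hit still fires on DNS lookups and TLS CONNECTs, where the
    path is never visible; a (host, path) hit is the higher-confidence match.
    """
    hosts, host_paths = set(), set()
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname.lower()
        hosts.add(host)
        host_paths.add((host, parts.path))
    return hosts, host_paths


def parse_proxy_line(line):
    """Return {ts, client, method, host, path} for one log line, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    url = m.group("url")
    if "://" in url:
        parts = urlsplit(url)
        host, path = (parts.hostname or "").lower(), parts.path
    else:
        # CONNECT lines carry only host:port; there is no path to compare.
        host, path = url.rsplit(":", 1)[0].lower(), ""
    return {"ts": int(m.group("ts")), "client": m.group("client"),
            "method": m.group("method"), "host": host, "path": path}


def host_matches(host, ioc_host):
    # Exact host or a subdomain of the indicator. A plain suffix test would
    # also accept 'kukutrustnet777.info.example.net', which is not the C2.
    return host == ioc_host or host.endswith("." + ioc_host)


def scan_proxy_log(log_text, urls=SALITY_C2_URLS):
    """Return one hit per matching log line, in log order."""
    hosts, host_paths = build_ioc_sets(urls)
    hits = []
    for line in log_text.splitlines():
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        for ioc_host in sorted(hosts):
            if host_matches(rec["host"], ioc_host):
                exact = (rec["host"], rec["path"]) in host_paths
                hits.append({**rec, "ioc": ioc_host,
                             "confidence": "url" if exact else "host"})
                break
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f'{hit["ts"]} {hit["client"]} {hit["method"]} {hit["host"]}{hit["path"]} '
              f'-> {hit["ioc"]} ({hit["confidence"]})')
```

The CONNECT line and the `cdn.` subdomain only reach a "host" confidence because the C2 path is not visible; a subdomain hit is still worth a look since the indicator domains exist only for this botnet, but the full URL match is the one to page on.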

Targets

    • Target

      cefc82a274702a2b151c3e1d23d21eafd58ac93c37fc68de784fb34926a71cbfN.exe

    • Size

      97KB

    • MD5

      f5a64358a7996b82fec32f8b5fda7b70

    • SHA1

      212001670df63d7e27743876e8bceae0a5861add

    • SHA256

      cefc82a274702a2b151c3e1d23d21eafd58ac93c37fc68de784fb34926a71cbf

    • SHA512

      3a1208cd37fa9c5dad734079429c61c067467d6ec038703d75035a337579499bf4db06784643ae8d46d7f09ace78bc15f70100573249a6facea63842400cfce6

    • SSDEEP

      1536:koSVM8HWslsZ/Fu9d/lFXFUJ7n5PomhAf:koq/TKlyhLXmTi

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified build of it.
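Two of the signatures above, "Drops autorun.inf file" and "UPX packed file", reproduced offline as an added example; this is illustration code, not the sandbox's own signature logic. The autorun.inf text and the two PE images are constructed inline (the builder emits only the headers and section table the parser reads, so the images are not loadable binaries), and the "first section empty on disk" heuristic is an assumption about stock UPX layout that a modified packer need not preserve.

```python
import struct

# [autorun] keys that launch a program when the volume is opened or a
# context-menu verb is chosen; 'shell\<verb>\command' is matched by shape.
EXEC_KEYS = {"open", "shellexecute"}

# Constructed autorun.inf text for this example (not the sample's dropped file).
SAMPLE_AUTORUN_INF = r"""
[autorun]
open=update.exe
shell\open\Command=update.exe
shell\explore\Command=update.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
UseAutoPlay=1
"""

def parse_autorun_inf(text):
    """Parse INI-style autorun.inf text into {section: [(key, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections

def autorun_exec_directives(text):
    """Return the (key, value) pairs in [autorun] that would launch a program."""
    found = []
    for key, value in parse_autorun_inf(text).get("autorun", []):
        verb_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in EXEC_KEYS or verb_cmd:
            found.append((key, value))
    return found

def make_pe(sections, trailer=b""):
    """Build a minimal constructed PE image (DOS stub, COFF header, zeroed
    PE32 optional header, section table). Not loadable; test data only.
    sections: list of (name, VirtualSize, SizeOfRawData)."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode("ascii"), vs, 0, rs,
                                 0, 0, 0, 0, 0, 0x60000020) for n, vs, rs in sections)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * opt_size + table + trailer

def pe_sections(data):
    """Return [(name, VirtualSize, SizeOfRawData), ...] from the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    off, out = e_lfanew + 24 + opt_size, []
    for _ in range(nsec):
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _va, rawsize = struct.unpack_from("<8sIII", data, off)
        out.append((name.rstrip(b"\0").decode("latin-1"), vsize, rawsize))
        off += 40
    return out

def upx_indicators(data):
    """Three stock-UPX traits: UPX* section names, the 'UPX!' header marker,
    and a first section that is empty on disk but large in memory (UPX0).
    A modified packer may rename sections and strip the marker (assumption)."""
    secs = pe_sections(data)
    return {
        "upx_sections": [n for n, _, _ in secs if n.upper().startswith("UPX")],
        "upx_marker": b"UPX!" in data,
        "empty_first_section": bool(secs) and secs[0][2] == 0 and secs[0][1] > 0,
    }

def is_upx_packed(data):
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_marker"] or ind["empty_first_section"]

# Constructed images: one shaped like stock UPX output, one ordinary.
UPX_LIKE_PE = make_pe([("UPX0", 0x10000, 0), ("UPX1", 0x8000, 0x7E00), (".rsrc", 0x400, 0x400)],
                      trailer=b"UPX!" + b"\0" * 16)
CLEAN_PE = make_pe([(".text", 0x5000, 0x5000), (".rdata", 0x1000, 0x1000), (".data", 0x800, 0x200)])

if __name__ == "__main__":
    print("autorun.inf exec directives:", autorun_exec_directives(SAMPLE_AUTORUN_INF))
    print("UPX-like image:", upx_indicators(UPX_LIKE_PE))
    print("clean image:", upx_indicators(CLEAN_PE))
```

On a real sample, read the file with `open(path, "rb").read()` and pass the bytes to `upx_indicators`; when only the "empty first section" trait fires, treat it as a hint to unpack and inspect rather than as proof of UPX, since other packers and some linkers produce the same shape.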

MITRE ATT&CK Enterprise v15

Tasks