General

  • Target

    dc2d66befd076a5ee3f7749bde46b4194d36b1d5cfbaa67e2aee30c57277cb83

  • Size

    806KB

  • Sample

    241218-ae3gmavpcm

  • MD5

    0d4e858ca6ceef5d23c89fdcd1d54463

  • SHA1

    68a99e1e6dacf4cd8128066e69f9be34ca4064fb

  • SHA256

    dc2d66befd076a5ee3f7749bde46b4194d36b1d5cfbaa67e2aee30c57277cb83

  • SHA512

    004c5f350054e87ce0a746147e4aa0077ff9debc147ec6f7ac3d1cea5e65ae3ad0125b11f15daadbb6cad6944befbb2aa6104ecb5186ff7fffafe227eb913af9

  • SSDEEP

    12288:UITsqgmDWSpR+Gq51gOSJVSKdet5RVu5ihnYQspCp9qWvX9fRBopvkf:UIXgCWSpRy5dSJVDsVu5unzqWvX14pcf

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      dc2d66befd076a5ee3f7749bde46b4194d36b1d5cfbaa67e2aee30c57277cb83

    • Size

      806KB

    • MD5

      0d4e858ca6ceef5d23c89fdcd1d54463

    • SHA1

      68a99e1e6dacf4cd8128066e69f9be34ca4064fb

    • SHA256

      dc2d66befd076a5ee3f7749bde46b4194d36b1d5cfbaa67e2aee30c57277cb83

    • SHA512

      004c5f350054e87ce0a746147e4aa0077ff9debc147ec6f7ac3d1cea5e65ae3ad0125b11f15daadbb6cad6944befbb2aa6104ecb5186ff7fffafe227eb913af9

    • SSDEEP

      12288:UITsqgmDWSpR+Gq51gOSJVSKdet5RVu5ihnYQspCp9qWvX9fRBopvkf:UIXgCWSpRy5dSJVDsVu5unzqWvX14pcf

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks