General

  • Target

    7e53b8e658eed926b996fbbfbc86c28b9df9b50856070885c389c870164bec91

  • Size

    120KB

  • Sample

    241218-apcc7awjer

  • MD5

    3d23bec139f17f1a2d71a1ba307f070e

  • SHA1

    2b873ae58c43c9c40323b17ebb1939f50eb920dc

  • SHA256

    7e53b8e658eed926b996fbbfbc86c28b9df9b50856070885c389c870164bec91

  • SHA512

    28bb36b9e22e0472afd35a619346525023599a8e759e5b7dce7551b07e197c24abc486d1f226eb2ad7b2ae49ddfe1a138c566a51d012a128bf1271cafbff8ae9

  • SSDEEP

    1536:v2Y+UGqC347srhQJaSYn+0cERSYah03cSceVfZl12DU/aLQTna5LRYENoYL:v9GqC3RrhQJuRptaa3cSdpheFUTNuog

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      7e53b8e658eed926b996fbbfbc86c28b9df9b50856070885c389c870164bec91

    • Size

      120KB

    • MD5

      3d23bec139f17f1a2d71a1ba307f070e

    • SHA1

      2b873ae58c43c9c40323b17ebb1939f50eb920dc

    • SHA256

      7e53b8e658eed926b996fbbfbc86c28b9df9b50856070885c389c870164bec91

    • SHA512

      28bb36b9e22e0472afd35a619346525023599a8e759e5b7dce7551b07e197c24abc486d1f226eb2ad7b2ae49ddfe1a138c566a51d012a128bf1271cafbff8ae9

    • SSDEEP

      1536:v2Y+UGqC347srhQJaSYn+0cERSYah03cSceVfZl12DU/aLQTna5LRYENoYL:v9GqC3RrhQJuRptaa3cSdpheFUTNuog

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks