General

  • Target

    7f7342bb44bc15922d3913bbae3cdffdb213cc48b0e4fbb025f47d538b372a22

  • Size

    77KB

  • Sample

    241218-aqws8atrgy

  • MD5

    96ddbc7fb609443446cd8c782961dcad

  • SHA1

    5e52beea80a2c3dd33cca3c502e06cabd76e84eb

  • SHA256

    7f7342bb44bc15922d3913bbae3cdffdb213cc48b0e4fbb025f47d538b372a22

  • SHA512

    2f5b2278e18a1b3e923c9a9bedde3f8030d78c9355b8d0d029fed63b710c259e2ad461e9b8dce76d3ea216f037c0bfd59e47082d12732345e9be40ebfaf4d3a7

  • SSDEEP

    1536:pT5wSCldZ644QHZHYB1rLVPSULAjlvbVj7ylwyaCcA7qO/VTMSy7:pT5ifJ4B9LVPxAjrj7ylECcYX/VTMS2

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      7f7342bb44bc15922d3913bbae3cdffdb213cc48b0e4fbb025f47d538b372a22

    • Size

      77KB

    • MD5

      96ddbc7fb609443446cd8c782961dcad

    • SHA1

      5e52beea80a2c3dd33cca3c502e06cabd76e84eb

    • SHA256

      7f7342bb44bc15922d3913bbae3cdffdb213cc48b0e4fbb025f47d538b372a22

    • SHA512

      2f5b2278e18a1b3e923c9a9bedde3f8030d78c9355b8d0d029fed63b710c259e2ad461e9b8dce76d3ea216f037c0bfd59e47082d12732345e9be40ebfaf4d3a7

    • SSDEEP

      1536:pT5wSCldZ644QHZHYB1rLVPSULAjlvbVj7ylwyaCcA7qO/VTMSy7:pT5ifJ4B9LVPxAjrj7ylECcYX/VTMS2

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks