General

  • Target

    6d300578022f5d4e6f842375f9611ad4341fc75b644d6d67c76220a71268e894.exe

  • Size

    417KB

  • Sample

    241218-awbegavkdv

  • MD5

    ab36f011716ff8c3035c7201689f6896

  • SHA1

    3cb1fdd41fa4fd02faef7fccddc3d7aa62f83097

  • SHA256

    6d300578022f5d4e6f842375f9611ad4341fc75b644d6d67c76220a71268e894

  • SHA512

    c2fe8867855be40f5e9551a3c89957f8d14808de83908dbe305dcc65c4f9c55dc55badd11cc1b38f1f7d33c521c20c9d124c3590ec823537d3d83a794415661d

  • SSDEEP

    6144:GWb6GdYJGY1CLKd6Gr5xZH8XL7k19X0eTLE9AIHR1y9X9bk/0fkU/ADpWE67:GWbvhLq6y3H8X3k1liabe0fk2AD8d

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
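The hashes and extracted C2 URLs above are the indicators a responder would actually pivot on. The following script is an added example (it is not part of the sandbox report and is not the sample's own code): it turns the page's digests and C2 list into an offline matcher, checks a file's MD5/SHA1/SHA256 against the listed values, and scans proxy log lines for contact with the C2 hosts, distinguishing an exact URL hit from a same-host hit on a different path. The log lines and the stand-in sample bytes are constructed for the example; the log format (`<timestamp> <src_ip> <method> <url>`) is an assumption, not a format the report specifies.

```python
"""Offline IOC matching built from the indicators in the report above.

Added example, not part of the sandbox report. The hash values and C2
URLs are copied from the page; the log lines and the stand-in sample
bytes are constructed for this example (the real sample is not included).
"""
import hashlib
from urllib.parse import urlparse

# Digests listed in the report (the exact algorithms it reports).
HASH_IOCS = {
    "md5": "ab36f011716ff8c3035c7201689f6896",
    "sha1": "3cb1fdd41fa4fd02faef7fccddc3d7aa62f83097",
    "sha256": "6d300578022f5d4e6f842375f9611ad4341fc75b644d6d67c76220a71268e894",
}

# C2 URLs from the extracted config.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed proxy log lines: "<timestamp> <src_ip> <method> <url>" (assumed format).
SAMPLE_LOG = [
    "2024-12-18T10:01:02Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif",
    "2024-12-18T10:01:05Z 10.0.0.5 GET http://89.119.67.154/testo5/",
    "2024-12-18T10:02:00Z 10.0.0.7 GET http://KUKUTRUSTNET888.INFO/logo.gif",
    "2024-12-18T10:03:00Z 10.0.0.9 GET http://example.com/home.gif",
    "garbage line",
]


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, in the order the report lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(data: bytes, iocs: dict = HASH_IOCS) -> list:
    """Return the algorithm names whose digest of `data` equals the IOC value."""
    return [algo for algo, value in digests(data).items() if iocs.get(algo) == value]


def _normalize(url: str) -> tuple:
    """(host, path) of a URL, lower-cased; a missing path counts as '/'."""
    parsed = urlparse(url.strip().lower())
    return parsed.hostname or "", parsed.path or "/"


def match_c2(log_lines, c2_urls=C2_URLS) -> list:
    """Scan log lines for C2 contact.

    Each hit is (timestamp, src_ip, url, kind) where kind is
      "exact": host and path equal an extracted C2 URL (high confidence)
      "host" : only the host matches (medium confidence: same
               infrastructure, different path)
    Lines that do not have four fields are skipped rather than raising.
    """
    c2_exact = {_normalize(u) for u in c2_urls}
    c2_hosts = {host for host, _ in c2_exact}
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, src, _method, url = parts[:4]
        host, path = _normalize(url)
        if (host, path) in c2_exact:
            hits.append((ts, src, url, "exact"))
        elif host in c2_hosts:
            hits.append((ts, src, url, "host"))
    return hits


if __name__ == "__main__":
    stand_in = b"constructed stand-in, not the real sample"
    print("hash matches:", match_hashes(stand_in))
    for hit in match_c2(SAMPLE_LOG):
        print(hit)
```

Host and path are compared case-insensitively so a beacon to `KUKUTRUSTNET888.INFO` still matches. SSDEEP is not compared here because fuzzy-hash comparison needs a third-party ssdeep binding rather than the standard library; the exact digests are the ones to use for blocking and retro-hunting anyway.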

Targets

    • Target

      6d300578022f5d4e6f842375f9611ad4341fc75b644d6d67c76220a71268e894.exe (417KB; hashes as listed under General above)

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003. It is also a polymorphic file infector that spreads by infecting executables on the host and disables security software, which is consistent with the firewall, UAC and Windows security signatures listed here.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Windows security modification

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15
