General

  • Target

    7f062695f926c4e2a1c2fbbb198197e396bd0125448c3386e761142a160bdfb9.exe

  • Size

    120KB

  • Sample

    241218-b5ghhsxkbx

  • MD5

    66cd8f7903ebe6b3a6ca48c69b7b5fbd

  • SHA1

    85386e5417c72d77b90e3d287c88cef92b0253bf

  • SHA256

    7f062695f926c4e2a1c2fbbb198197e396bd0125448c3386e761142a160bdfb9

  • SHA512

    62303347daa3b6af61dd2d029efb090ef545ae5f8b30b57e0de5d21b47a550dd586c8db2bcd6d150f808404c9db00d86a2d1c48fc68d1b49a7175bcad124df36

  • SSDEEP

    1536:BHJPA12494n6e7Gt4nZvIbl9g+9SeJglqe3w52SBfLyMBzp8y0Tj9EEAoP:BZuvWGt4Ib/hMAiqM4Bf2W3doP

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      7f062695f926c4e2a1c2fbbb198197e396bd0125448c3386e761142a160bdfb9.exe

    • Size

      120KB

    • MD5

      66cd8f7903ebe6b3a6ca48c69b7b5fbd

    • SHA1

      85386e5417c72d77b90e3d287c88cef92b0253bf

    • SHA256

      7f062695f926c4e2a1c2fbbb198197e396bd0125448c3386e761142a160bdfb9

    • SHA512

      62303347daa3b6af61dd2d029efb090ef545ae5f8b30b57e0de5d21b47a550dd586c8db2bcd6d150f808404c9db00d86a2d1c48fc68d1b49a7175bcad124df36

    • SSDEEP

      1536:BHJPA12494n6e7Gt4nZvIbl9g+9SeJglqe3w52SBfLyMBzp8y0Tj9EEAoP:BZuvWGt4Ib/hMAiqM4Bf2W3doP

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks