General

  • Target

    38ac5957d6cb315909e259bd896e1bb17a4a5c0d4d28a7c83034c0ee344a8340.exe

  • Size

    120KB

  • Sample

    241218-czgf1ayngs

  • MD5

    e332db6d96fe722b502f23b8a9f02e33

  • SHA1

    2dbe856c7f26b9e71b4051fe82948d2faf4d4dd2

  • SHA256

    38ac5957d6cb315909e259bd896e1bb17a4a5c0d4d28a7c83034c0ee344a8340

  • SHA512

    146280a1d2d84428f0c9b664e5803d56bb55340fb7078a665368abc39c8926d98a55511302e7b4a012a422ca9abfb21981bc6062e5f581b4992e9094f3662ba8

  • SSDEEP

    3072:RLuyL6Jn12tJB3ZaAs0R6Rc+1WDT0C/3l0Huj6Av7B:RLuG6JeBpO0RJTF/10Hu+MB

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks