General

  • Target

    2331e9c89d4883bf86d29b958455ecf5a5efe919445c3007d72fadd6d9e0f20fN.exe

  • Size

    120KB

  • Sample

    241218-elfnnaskfs

  • MD5

    4ff5898b3ac6b515d7360428572c16c0

  • SHA1

    91ec9c930774a570ac52d6ad5cdc22147cc922b4

  • SHA256

    2331e9c89d4883bf86d29b958455ecf5a5efe919445c3007d72fadd6d9e0f20f

  • SHA512

    2f2cd36fa87c82237a3692f479f5ef7aa04d401e0f4222e40bc9f2774b5e4340a728ec8793ddc80691a58ece5bb5bb7b4d87a67897f617e95d62059b614bf285

  • SSDEEP

    3072:DsQ+oxdyoCE8n1YSFBB6DNKPfnGH8uwCK:n9CE8nRb6D42H6P

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      2331e9c89d4883bf86d29b958455ecf5a5efe919445c3007d72fadd6d9e0f20fN.exe

    • Size

      120KB

    • MD5

      4ff5898b3ac6b515d7360428572c16c0

    • SHA1

      91ec9c930774a570ac52d6ad5cdc22147cc922b4

    • SHA256

      2331e9c89d4883bf86d29b958455ecf5a5efe919445c3007d72fadd6d9e0f20f

    • SHA512

      2f2cd36fa87c82237a3692f479f5ef7aa04d401e0f4222e40bc9f2774b5e4340a728ec8793ddc80691a58ece5bb5bb7b4d87a67897f617e95d62059b614bf285

    • SSDEEP

      3072:DsQ+oxdyoCE8n1YSFBB6DNKPfnGH8uwCK:n9CE8nRb6D42H6P

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks