General

  • Target

    fdf0e5b020cd294e97e5c983c84c742428cc1071684d23e6a6e8c9d0c66e4b28N.exe

  • Size

    120KB

  • Sample

    241218-fqht9atray

  • MD5

    c59671ec62f385ed57472752b4544a00

  • SHA1

    5a3222912561c89bbb05c99ab0260babeab96c9d

  • SHA256

    fdf0e5b020cd294e97e5c983c84c742428cc1071684d23e6a6e8c9d0c66e4b28

  • SHA512

    c94faa92d8194e6b0cd44e0eb89803e6a07c50dc2cafc4aaae6db67de540a819d5957a807d366ac98aba3bfc0406b6eb8ba39c8e4ffd3033ccc74991f3fe76db

  • SSDEEP

    3072:1VaQc7YLD0OHwM2mq349baISXXaRT+5oWj:s4AOHwMW34ZI+YoW

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      fdf0e5b020cd294e97e5c983c84c742428cc1071684d23e6a6e8c9d0c66e4b28N.exe

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks