General

  • Target

    d23219dd5f13fd57c3e5aca398600b7abb5dba995c1811d76c3e10a31d2754bd.exe

  • Size

    97KB

  • Sample

    241218-plx8taznbp

  • MD5

    e81c742dfb0308a46bd6d17fac5f2ac9

  • SHA1

    6c9d54caaa727330da67711c13c593eb515c5423

  • SHA256

    d23219dd5f13fd57c3e5aca398600b7abb5dba995c1811d76c3e10a31d2754bd

  • SHA512

    067519ebff76fb28b8ed421bb992b17b476b517a30f3fa32f51a3b7a6fc0f83bb0de07ff6f7a0c8a0f26d157387966b7e24bd6942c5abfe89373ec05d05a0930

  • SSDEEP

    1536:koSVM8HWslsZ/Fu9d/lFXFUJ7n5PomhAfz:koq/TKlyhLXmTiL

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
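The four C2 URLs above are the network indicators most worth hunting for in proxy or DNS logs. The script below is an added example, not part of the sandbox report: it normalises the extracted URLs to (host, path) pairs and runs them over a few constructed Squid-style proxy log lines, reporting an "exact" hit when host and path match and a weaker "host" hit when only the host matches (the same infrastructure being reused with a different path). The log format (space-separated, URL in the seventh field) is an assumption about the reader's logs.

```python
"""Match the Sality C2 URLs from the report against proxy log lines.
Added example; the log lines below are constructed, not captured traffic."""
from urllib.parse import urlsplit

# C2 URLs exactly as extracted in the report's malware config.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def normalise(url: str):
    """Reduce a URL to (lower-case host, path) so case and scheme differences
    do not defeat the comparison. Raises ValueError on unparsable input."""
    parts = urlsplit(url)
    if parts.hostname is None:
        raise ValueError("no host in %r" % url)
    return parts.hostname.lower(), parts.path or "/"


C2_PAIRS = {normalise(u) for u in C2_URLS}
C2_HOSTS = {host for host, _ in C2_PAIRS}

# Constructed Squid-style access log lines (assumption: URL is field 7,
# client IP is field 3). Line 4 mixes case and uses a different path.
SAMPLE_PROXY_LOG = """\
1734500000.123 45 10.0.0.12 TCP_MISS/200 1024 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1734500001.456 12 10.0.0.12 TCP_MISS/404 300 GET http://kukutrustnet888.info/home.gif - HIER_DIRECT/198.51.100.7 text/html
1734500002.789 10 10.0.0.20 TCP_HIT/200 5000 GET http://example.com/index.html - NONE/- text/html
1734500003.000 11 10.0.0.12 TCP_MISS/200 700 GET http://KUKUTRUSTNET777.INFO/other.gif - HIER_DIRECT/198.51.100.8 image/gif
"""


def match_c2(log_text: str):
    """Return [(client_ip, url, tier)] for every line touching C2 infrastructure.
    tier is "exact" for a full URL match, "host" for the host only."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue                      # malformed or truncated line
        client, url = fields[2], fields[6]
        try:
            host, path = normalise(url)
        except ValueError:
            continue
        if (host, path) in C2_PAIRS:
            hits.append((client, url, "exact"))
        elif host in C2_HOSTS:
            hits.append((client, url, "host"))
    return hits


if __name__ == "__main__":
    for client, url, tier in match_c2(SAMPLE_PROXY_LOG):
        print("%-6s %s -> %s" % (tier, client, url))
```

The two-tier result is deliberate: an exact hit is strong enough to act on, while a host-only hit tells the analyst that the same domain was contacted for something other than the extracted URL and deserves a look rather than an automatic block.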

Targets

    • Target

      d23219dd5f13fd57c3e5aca398600b7abb5dba995c1811d76c3e10a31d2754bd.exe

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor and polymorphic file infector written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
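Two of the behaviour signatures above, the dropped autorun.inf and the UPX-packed file, can be checked on a suspect volume or sample without executing it. The script below is an added example and not part of the sandbox report or its signature engine: it parses a constructed autorun.inf and reports which entries would launch an executable when the volume is opened, and it walks a PE section table (built in-memory here, also constructed) looking for the UPX0/UPX1/UPX2 section names that stock UPX writes. Note the caveat implied by the signature text "UPX/modified UPX": a modified packer commonly renames its sections, so a clean section table does not clear a file; the entropy or stub-based checks a sandbox uses are not reproduced here.

```python
"""Offline checks for two Sality behaviours listed in the report:
an autorun.inf that launches an executable, and UPX section names in a PE.
Added example; the autorun.inf text and the PE image are constructed."""
import configparser
import struct

# Constructed autorun.inf in the style used by Autorun-spreading malware.
SAMPLE_AUTORUN_INF = b"""[AutoRun]
open=RECYCLER\\svchost.exe
shell\\open\\command=RECYCLER\\svchost.exe
shellexecute=RECYCLER\\svchost.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

# Keys through which autorun.inf can start a program (legacy Autorun/AutoPlay).
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")


def autorun_launch_targets(data: bytes):
    """Return the executables an autorun.inf would launch, [] if none.
    Windows ignores the file without an [autorun] section, so we require it."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str.lower                      # keys are case-insensitive
    cp.read_string(data.decode("latin-1"))
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return []
    targets = []
    for key, value in cp[section].items():
        program = value.split()[0] if value.split() else ""
        if key in LAUNCH_KEYS and program.lower().endswith(".exe"):
            targets.append(value)
    return targets


def pe_section_names(image: bytes):
    """Parse just enough of a PE image (MZ -> e_lfanew -> COFF -> sections)
    to list its section names. Raises ValueError on a malformed header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    if num_sections > 96:                           # PE format limit
        raise ValueError("implausible section count")
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        raw = image[table + 40 * i:table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", errors="replace"))
    return names


UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def looks_upx_packed(image: bytes) -> bool:
    """True if any section carries a stock UPX name (misses renamed variants)."""
    return any(n in UPX_SECTION_NAMES for n in pe_section_names(image))


def build_minimal_pe(section_names):
    """Construct a header-only PE32 image with the given section names.
    Only for feeding the parser in this example; it is not loadable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                                 # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    print("autorun launches:", autorun_launch_targets(SAMPLE_AUTORUN_INF))
    packed = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
```

On a real removable volume the autorun check is the useful one for incident scoping: every drive that carries an autorun.inf with a launch target is a candidate spread vector, which is exactly the "Enumerates connected drives" and "Drops autorun.inf file" pairing in the signature list.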

MITRE ATT&CK Enterprise v15
