General

  • Target

    d23219dd5f13fd57c3e5aca398600b7abb5dba995c1811d76c3e10a31d2754bd.exe

  • Size

    97KB

  • Sample

    241218-ppn5bazpdk

  • MD5

    e81c742dfb0308a46bd6d17fac5f2ac9

  • SHA1

    6c9d54caaa727330da67711c13c593eb515c5423

  • SHA256

    d23219dd5f13fd57c3e5aca398600b7abb5dba995c1811d76c3e10a31d2754bd

  • SHA512

    067519ebff76fb28b8ed421bb992b17b476b517a30f3fa32f51a3b7a6fc0f83bb0de07ff6f7a0c8a0f26d157387966b7e24bd6942c5abfe89373ec05d05a0930

  • SSDEEP

    1536:koSVM8HWslsZ/Fu9d/lFXFUJ7n5PomhAfz:koq/TKlyhLXmTiL

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      d23219dd5f13fd57c3e5aca398600b7abb5dba995c1811d76c3e10a31d2754bd.exe

    • Size

      97KB

    • MD5

      e81c742dfb0308a46bd6d17fac5f2ac9

    • SHA1

      6c9d54caaa727330da67711c13c593eb515c5423

    • SHA256

      d23219dd5f13fd57c3e5aca398600b7abb5dba995c1811d76c3e10a31d2754bd

    • SHA512

      067519ebff76fb28b8ed421bb992b17b476b517a30f3fa32f51a3b7a6fc0f83bb0de07ff6f7a0c8a0f26d157387966b7e24bd6942c5abfe89373ec05d05a0930

    • SSDEEP

      1536:koSVM8HWslsZ/Fu9d/lFXFUJ7n5PomhAfz:koq/TKlyhLXmTiL

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks