General

  • Target

    fec47fec1a8cdf3d653d138b138486f4d752918fe3915a6a71c7c25ca520e254N.exe

  • Size

    417KB

  • Sample

    241218-py4alazjaz

  • MD5

    b94f87ac6feabdedf683dce477390320

  • SHA1

    3da576d908bb47722f36d2564c7b3d39939355f7

  • SHA256

    fec47fec1a8cdf3d653d138b138486f4d752918fe3915a6a71c7c25ca520e254

  • SHA512

    7eec6a625ddf571b268e6290a495c3968d080fb2451a6dbd4ae97c7ad5ada348723db1a7387a18734aa124f76b47d0c56de44f5a2446763009e06ab67d770507

  • SSDEEP

    6144:GWb6GdYJGY1CLKd6Gr5xZH8XL7k19X0eTLE9AIHR1y9X9bk/0fkU/ADpWE6r:GWbvhLq6y3H8X3k1liabe0fk2AD8t

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      fec47fec1a8cdf3d653d138b138486f4d752918fe3915a6a71c7c25ca520e254N.exe

    • Size

      417KB

    • MD5

      b94f87ac6feabdedf683dce477390320

    • SHA1

      3da576d908bb47722f36d2564c7b3d39939355f7

    • SHA256

      fec47fec1a8cdf3d653d138b138486f4d752918fe3915a6a71c7c25ca520e254

    • SHA512

      7eec6a625ddf571b268e6290a495c3968d080fb2451a6dbd4ae97c7ad5ada348723db1a7387a18734aa124f76b47d0c56de44f5a2446763009e06ab67d770507

    • SSDEEP

      6144:GWb6GdYJGY1CLKd6Gr5xZH8XL7k19X0eTLE9AIHR1y9X9bk/0fkU/ADpWE6r:GWbvhLq6y3H8X3k1liabe0fk2AD8t

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks