General

  • Target

    chinese telegram shit lol.rar

  • Size

    8.2MB

  • Sample

    241218-z9z3essrer

  • MD5

    58033d556161da7f1a3e06d572ff9a3d

  • SHA1

    85747cfdef83885e211ae59281296d559e8ad993

  • SHA256

    f5d8f3789b735ac3a21997797feaf45101ed73315e2a31434618f4f902b9317b

  • SHA512

    0d6bf7304d97e4d99f7c5c82185d76a745004ec75892bec95b4703384d50e6436be0e4ecbb135b222fea9aab76aa0566dfd1440b116a00ed16999e974942cb24

  • SSDEEP

    196608:LH+H/GbhpNrRGbhpNrEKKQdo+rqEOpJXxDdRHAaHx20Fqk7tQFZhmEe:EGbhpNrRGbhpNrDK0oQqTpBxDdRHnx+s
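The report lists MD5, SHA-1, SHA-256, SHA-512 and an ssdeep fuzzy hash for the archive and, further down, for each extracted file. The following is an added example, not part of the sandbox report: it recomputes the four cryptographic hashes for every file in a directory in one pass, matches them against the per-target SHA-256 values copied from this page, groups byte-identical files (two of the .bat/.exe pairs below share every hash), and flags double-extension lure names such as the `.MP4.bat` file. The files hashed in `demo()` are constructed stand-ins; ssdeep is not recomputed, which would need the `ssdeep` or `ppdeep` package.

```python
"""Recompute the report's hashes for extracted files and compare them.

Added example, not part of the sandbox report. REPORT_MANIFEST copies the
per-target SHA-256 values from this page; demo() hashes a few constructed
files in a temporary directory so the script runs offline.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

# name -> SHA-256, copied from the report's Targets entries
REPORT_MANIFEST = {
    "-°¦n+¦++.exe": "b6cd133de42501483a7ba656c8727fe3f69961f0d9e3be7bafaf7747c68df775",
    "PC远控测试-.exe": "e351be996b4035fddffa0cbf6385568263edb38da2f6997487c15ac5fef3d905",
    "vip文件捆绑器.exe": "4f60677b90c4ef6a130b8df6ecacce77b8a3c10e2a38d9e76b03b169ae83f4cd",
    "菲律宾王小柔疫情期间宾馆做爱视频流出.MP4.bat": "db0c34fd60009271f420ab7adaf04d4476d7939892b217930fffcb9757be60e2",
    "远程控制 测试- (2).bat": "455d89a6e91d21bfb20ecd18f48faf8bfe67a3e3e115d737695aa1fc3883e2b4",
    "远程控制 测试- (2).exe": "455d89a6e91d21bfb20ecd18f48faf8bfe67a3e3e115d737695aa1fc3883e2b4",
    "远程控制 测试-.bat": "b784b6c6eb56fb91cb881a18e5e5ce630c96b5e49b131363c4776a097bb4bdea",
    "远程控制 测试-.exe": "b784b6c6eb56fb91cb881a18e5e5ce630c96b5e49b131363c4776a097bb4bdea",
    "钱包收款地址强制更改器- (2).exe": "3b98e8614b4244e0ffe0ddb86a07d8d35524ec36bc4a79ea89b556d246738ee1",
    "钱包收款地址强制更改器-.exe": "52575ef4a36b8a7c426e53dc595f7ec4680e972125a106aab51799e74dda2a45",
}

EXEC_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".js"}
DECOY_EXTS = {".mp4", ".avi", ".mkv", ".jpg", ".png", ".gif", ".pdf", ".doc", ".docx", ".xls", ".txt"}


def hash_file(path, chunk_size=1 << 20):
    """MD5, SHA-1, SHA-256 and SHA-512 hex digests from a single chunked read."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def is_double_extension(name):
    """True for lure names like 'clip.MP4.bat': a decoy extension hiding an executable one."""
    stem, last = os.path.splitext(name.lower())
    prev = os.path.splitext(stem)[1]
    return last in EXEC_EXTS and prev in DECOY_EXTS


def scan_directory(root, manifest):
    """Hash every file under root and compare against manifest (name -> sha256).

    Returns matched (file -> report names with that SHA-256), unknown files,
    groups of byte-identical files, and files with double-extension names.
    """
    by_sha = defaultdict(list)
    for rname, sha in manifest.items():
        by_sha[sha].append(rname)

    matched, unknown, double_ext = {}, [], []
    same_content = defaultdict(list)
    for dirpath, _, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root)
            sha = hash_file(full)["sha256"]
            same_content[sha].append(rel)
            if sha in by_sha:
                matched[rel] = by_sha[sha]
            else:
                unknown.append(rel)
            if is_double_extension(fname):
                double_ext.append(rel)
    duplicates = sorted(sorted(group) for group in same_content.values() if len(group) > 1)
    return {"matched": matched, "unknown": sorted(unknown),
            "duplicates": duplicates, "double_ext": sorted(double_ext)}


def demo():
    """Constructed input: a renamed .bat/.exe pair, a double-extension lure, a benign note."""
    payload = b"MZ constructed stand-in, not a real sample\n"
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in [
            ("test (2).bat", payload),
            ("test (2).exe", payload),                   # same bytes under a second name
            ("leaked_video.MP4.bat", b"@echo off\r\n"),  # constructed lure-style name
            ("readme.txt", b"just a note\n"),
        ]:
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        # Manifest that knows only the constructed pair; against the real
        # extracted archive you would pass REPORT_MANIFEST instead.
        pair_sha = hashlib.sha256(payload).hexdigest()
        return scan_directory(tmp, {"test (2).bat": pair_sha, "test (2).exe": pair_sha})


if __name__ == "__main__":
    from pprint import pprint
    pprint(demo())
```

Matching is done on SHA-256 only; MD5 and SHA-1 are still computed because older threat-intel feeds and AV vendor pages key on them. The duplicate grouping is what exposes the renamed pairs on this page: a `.bat` whose hashes equal a `.exe` is the same PE with a different extension, not a batch script.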

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/
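The extracted Sality C2 URLs above double as network indicators. The following added example (not part of the sandbox report) loads them, normalizes hosts so that case, a trailing dot and a `www.` prefix do not matter, and runs constructed proxy log lines through a matcher. The log layout (`<epoch> <client_ip> <method> <url> <status>`) is an assumption; adjust `parse_line()` to your proxy's format.

```python
"""Match proxy log lines against the Sality C2 URLs listed in this report.

Added example, not part of the sandbox report. C2_URLS is copied from the
Malware Config section; the log lines are constructed and their layout
('<epoch> <client_ip> <method> <url> <status>') is an assumption.
"""
from urllib.parse import urlsplit

C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
    "http://klkjwre77638dfqwieuoi888.info/",
]


def normalize_host(host):
    """Lowercase, drop a trailing dot and a leading 'www.' so host variants compare equal."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_indicators(urls):
    """Map each C2 host to the URL paths the report lists for it."""
    indicators = {}
    for url in urls:
        parts = urlsplit(url)
        indicators.setdefault(normalize_host(parts.hostname), []).append(parts.path or "/")
    return indicators


INDICATORS = build_indicators(C2_URLS)


def match_url(url, indicators=INDICATORS):
    """Return (c2_host, confidence) if url hits a listed host or a subdomain of it, else None.

    'exact' when the request path also starts with a listed path, 'host-only'
    otherwise; a bare-IP hit with the wrong path deserves the lower grade,
    since addresses change hands.
    """
    parts = urlsplit(url)
    host = normalize_host(parts.hostname)
    for c2_host, paths in indicators.items():
        if host == c2_host or host.endswith("." + c2_host):
            path = parts.path or "/"
            grade = "exact" if any(path.startswith(p) for p in paths) else "host-only"
            return c2_host, grade
    return None


def parse_line(line):
    """Assumed layout '<epoch> <client_ip> <method> <url> <status>'; None if malformed."""
    fields = line.split()
    if len(fields) != 5 or "://" not in fields[3]:
        return None
    return dict(zip(("ts", "client", "method", "url", "status"), fields))


def scan_log(text, indicators=INDICATORS):
    """Return one record per log line that touches a C2 indicator."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hit = match_url(rec["url"], indicators)
        if hit:
            rec["indicator"], rec["confidence"] = hit
            hits.append(rec)
    return hits


# Constructed log lines: three exact hits, one host-only hit, one look-alike domain, one malformed line.
CONSTRUCTED_LOG = """\
1734528001.123 10.0.0.15 GET http://kukutrustnet777.info/home.gif 200
1734528002.456 10.0.0.15 GET http://89.119.67.154/testo5/ 404
1734528003.789 10.0.0.22 GET http://www.example.com/index.html 200
1734528004.012 10.0.0.22 GET http://WWW.KLKJWRE9FQWIELUOI.INFO/ 200
1734528005.345 10.0.0.31 GET http://kukutrustnet777.info.evil.example/ 200
this line is malformed
1734528006.678 10.0.0.40 POST http://kukutrustnet888.info/upload 200
"""

if __name__ == "__main__":
    for h in scan_log(CONSTRUCTED_LOG):
        print(f"{h['client']} -> {h['indicator']} ({h['confidence']}): {h['url']}")
```

Host comparison is exact or on a dot boundary, so `kukutrustnet777.info.evil.example` is not a hit while `cdn.kukutrustnet987.info` is; a plain substring test would get the first case wrong. A 404 on the C2 path, as in the second constructed line, is still a beacon attempt and is reported.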

Targets

    • Target

      -°¦n+¦++.exe (filename mis-encoded in the report)

    • Size

      1.6MB

    • MD5

      fa829b4b0756226de8b2b479f91c82f2

    • SHA1

      9073db73807de596b99bec8ff7c54da632afb399

    • SHA256

      b6cd133de42501483a7ba656c8727fe3f69961f0d9e3be7bafaf7747c68df775

    • SHA512

      4cce7a3bc488e3c1108cd43305c182d56287345379123c8800055305d8bff6f6bf2b01e5f7f49d140c8d2b1f965b879de53bebca38755aa386b730d610e3d2ad

    • SSDEEP

      49152:YrI6IISPM8EtQYJ7z0NdzF1Ech9P7Hg4F8hmslwX9:YYdPM3tQWf0jR19h9zUNg9

    • Score

      1/10

    • Target

      PC远控测试-.exe (PC remote-control test)

    • Size

      2.6MB

    • MD5

      b044b1bd454046017979442448a8e390

    • SHA1

      ded32e08fde6485cd314872f0b5ee9d8b66233d2

    • SHA256

      e351be996b4035fddffa0cbf6385568263edb38da2f6997487c15ac5fef3d905

    • SHA512

      2334eeec197ff2ea07edb8ec165ad0fd3494d29adebfea4131c91081adb5705a9fc0f8683941869f7aaefc114857049001ca241aed585ec8dea42b2c76b305f8

    • SSDEEP

      49152:VB38U5zFk1NhxsDT1T47R5FPfnH/EZUlimHQB5TxTE4CYn1bfHY2o:VtV74xswQBJxtf1b

    • Score

      3/10

    • Target

      vip文件捆绑器.exe (VIP file binder)

    • Size

      1.4MB

    • MD5

      234673b74b8cf63fd7632fd016d5bf97

    • SHA1

      b8879f89fb52c9a28adf6cb7a76fc4153a9ee498

    • SHA256

      4f60677b90c4ef6a130b8df6ecacce77b8a3c10e2a38d9e76b03b169ae83f4cd

    • SHA512

      5994c95447a37afae559dd4846b8ca9af4e6dd6450145d3201ecc66cfd0377b61bbc47a454f6934e08fe2bc1c64b5ed8705e2006542e8029cdd5ae7551107b13

    • SSDEEP

      24576:89BQEqTGgNnJhiK54h0IvBkEp3W8AD/Dhd+y4lqJ8QdCYDoDNKn0RbpaoG8vn+Q:83XgtJhT9IvBsvD/DX+y4onCYDoDlNao

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003. It is best known as a polymorphic file infector that appends itself to executables and connects infected hosts into a peer-to-peer botnet.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Windows security modification

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Target

      菲律宾王小柔疫情期间宾馆做爱视频流出.MP4.bat (lure name: "leaked hotel sex video of Wang Xiaorou in the Philippines during the pandemic"; a .bat wearing a fake .MP4 extension)

    • Size

      340KB

    • MD5

      f2b6aae38b2a7d7eccd29f0293420d72

    • SHA1

      da9209e98438a66c6453010f65e2b5c427382963

    • SHA256

      db0c34fd60009271f420ab7adaf04d4476d7939892b217930fffcb9757be60e2

    • SHA512

      d3c49e2d6fb731c747144e1bb301f390aeb34b1e399c841bc76287519d6ad13cb34e4a3ae24986b0f43e94c31d40e357d51d360a436b7651a4d539c8fad99951

    • SSDEEP

      6144:uAtrKrjDnYCADp9VekbJ2tPJKA1jImwa6mcF:DmYpDFbJ2s0jIxmc

    • Target

      远程控制 测试- (2).bat (remote-control test (2); all hashes match the .exe below, so this is the same PE renamed)

    • Size

      1.9MB

    • MD5

      44726e1af933ac9132a40f8c00c44e48

    • SHA1

      b18df355daf0060c46d1eda4f7e068c1788405c2

    • SHA256

      455d89a6e91d21bfb20ecd18f48faf8bfe67a3e3e115d737695aa1fc3883e2b4

    • SHA512

      74e4eace0b660e1a12701533dea886218b9846fad69d5316aa835196f8713eb6ae68402b5281d27e9274aab40f1a3762bb98ddc4a5e54b24a13be8a784515c71

    • SSDEEP

      49152:ArC7FLl2Fk6TN8pO3LEKx5iM8h5ZTvS8mQZ47Kxc1cAArVJiVjefVFLS:fLl2Fk6TaO3LEKx5i5ZTSjQZ4mxi/ark

    • Score

      3/10

    • Target

      远程控制 测试- (2).exe (remote-control test (2))

    • Size

      1.9MB

    • MD5

      44726e1af933ac9132a40f8c00c44e48

    • SHA1

      b18df355daf0060c46d1eda4f7e068c1788405c2

    • SHA256

      455d89a6e91d21bfb20ecd18f48faf8bfe67a3e3e115d737695aa1fc3883e2b4

    • SHA512

      74e4eace0b660e1a12701533dea886218b9846fad69d5316aa835196f8713eb6ae68402b5281d27e9274aab40f1a3762bb98ddc4a5e54b24a13be8a784515c71

    • SSDEEP

      49152:ArC7FLl2Fk6TN8pO3LEKx5iM8h5ZTvS8mQZ47Kxc1cAArVJiVjefVFLS:fLl2Fk6TaO3LEKx5i5ZTSjQZ4mxi/ark

    • Score

      3/10

    • Target

      远程控制 测试-.bat (remote-control test; all hashes match the .exe below, so this is the same PE renamed)

    • Size

      1.9MB

    • MD5

      1abafb07254557a7e1c4045d16765c4d

    • SHA1

      024ff7967ccc6e1237e74d23f2fab9840994a03b

    • SHA256

      b784b6c6eb56fb91cb881a18e5e5ce630c96b5e49b131363c4776a097bb4bdea

    • SHA512

      f24eabcdcfc932a9fb15042e200f8b2caf41cb2d7e718977fbaf16a14d8e1bbcf29cf7d7bdca715e0e26a88f7162b2ae8a4c2968f8036d940fd0e96d1ccf959f

    • SSDEEP

      49152:lzvq2Kp7NXRRBChNoRhUfERKbVNK7hiwUOdj4rhEOX66VEl56r:o2Kp7NXlChNoRhRAbVNK7hiw14rKm669

    • Score

      3/10

    • Target

      远程控制 测试-.exe (remote-control test)

    • Size

      1.9MB

    • MD5

      1abafb07254557a7e1c4045d16765c4d

    • SHA1

      024ff7967ccc6e1237e74d23f2fab9840994a03b

    • SHA256

      b784b6c6eb56fb91cb881a18e5e5ce630c96b5e49b131363c4776a097bb4bdea

    • SHA512

      f24eabcdcfc932a9fb15042e200f8b2caf41cb2d7e718977fbaf16a14d8e1bbcf29cf7d7bdca715e0e26a88f7162b2ae8a4c2968f8036d940fd0e96d1ccf959f

    • SSDEEP

      49152:lzvq2Kp7NXRRBChNoRhUfERKbVNK7hiwUOdj4rhEOX66VEl56r:o2Kp7NXlChNoRhRAbVNK7hiw14rKm669

    • Score

      3/10

    • Target

      钱包收款地址强制更改器- (2).exe (wallet receiving-address forced changer (2))

    • Size

      2.2MB

    • MD5

      4aa53cd852b2160cfe36a6623e099649

    • SHA1

      63dadd832dc0c5d5a40a229a48bc5aa01ab59bc6

    • SHA256

      3b98e8614b4244e0ffe0ddb86a07d8d35524ec36bc4a79ea89b556d246738ee1

    • SHA512

      444f967c9c73435156746a82acaba6af74f7eb458b03e17e1f9cabbe7eae9f2bc106d9c798660ad2c1ac96211072c1e93f0c8e499770ee60987f381ab2d42bf8

    • SSDEEP

      49152:ZQSZnqs5EVcsYSijtkw9ga68mhcAP0xYHw/ZgAa0h7hYs8Id69UVgx6y:WkqKEVc7tkw9g98mHPCYHw/+Mh9Zfd6J

    • Score

      3/10

    • Target

      钱包收款地址强制更改器-.exe (wallet receiving-address forced changer)

    • Size

      1.8MB

    • MD5

      3009b7339dc5d42d9e303b44f0ac909d

    • SHA1

      b2dd5280172f5b3f6580fbc9ef668752d76cccf6

    • SHA256

      52575ef4a36b8a7c426e53dc595f7ec4680e972125a106aab51799e74dda2a45

    • SHA512

      9c6b58083f241ea948d6e0445d228e0f7e0edc2c5a5f907328c27555d5febdff5e0f111e89dc1ca5490e487618ca35c12f60f0b945452615bee698476f47030d

    • SSDEEP

      49152:YYDYIdixGgyRXDBRomq2hI+Vz7SAjqElseu/V5fLBYA9ULRUh:YhIdcGFx9Romq2G+VHSAjqEaJVhV1ULq

    • Score

      3/10
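Several of the signature hits recorded for vip文件捆绑器.exe (Disables RegEdit, Disables Task Manager, Modifies firewall policy service, UAC bypass / Checks whether UAC is enabled, Windows security modification) are visible as registry state on the victim. The following added example, not part of the sandbox report, parses a `reg export` dump and flags the values those behaviours normally touch. The report does not name the exact keys; the mapping below uses the standard Windows location for each setting and is my assumption about what the sandbox checked. The .reg text is constructed.

```python
"""Flag registry values behind the report's signature hits, from a 'reg export' dump.

Added example, not part of the sandbox report. Key/value mapping is the standard
Windows location for each setting (an assumption); the .reg text is constructed.
"""
import re

HKCU_POLICIES = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
HKLM_POLICIES = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
FW_STD = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
          r"\Parameters\FirewallPolicy\StandardProfile")
FW_APPS = FW_STD + r"\AuthorizedApplications\List"
SEC_CENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"

# (key, value name, data that indicates tampering, report signature it maps to)
# The two Policies\System checks also apply under HKLM for machine-wide policy.
VALUE_CHECKS = [
    (HKCU_POLICIES, "DisableTaskMgr", 1, "Disables Task Manager via registry modification"),
    (HKCU_POLICIES, "DisableRegistryTools", 1, "Disables RegEdit via registry modification"),
    (HKLM_POLICIES, "EnableLUA", 0, "UAC disabled via EnableLUA (UAC bypass / Windows security bypass)"),
    (FW_STD, "EnableFirewall", 0, "Modifies firewall policy service (firewall off)"),
    (SEC_CENTER, "AntiVirusDisableNotify", 1, "Windows security modification"),
    (SEC_CENTER, "FirewallDisableNotify", 1, "Windows security modification"),
]

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _unescape(s):
    return s.replace('\\"', '"').replace("\\\\", "\\")


def _parse_data(rhs):
    rhs = rhs.strip()
    if rhs.lower().startswith("dword:"):       # dword:00000001 -> 1
        return int(rhs[6:], 16)
    if len(rhs) >= 2 and rhs[0] == '"' and rhs[-1] == '"':
        return _unescape(rhs[1:-1])            # "C:\\x" -> C:\x
    return rhs                                 # hex(...) and friends kept raw


def parse_reg_export(text):
    """Parse 'reg export' output into {key_path: {value_name: data}} (dword/string subset)."""
    snapshot, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            snapshot.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = _unescape(m.group(1)) if m.group(1) is not None else ""
            snapshot[current][name] = _parse_data(m.group(2))
    return snapshot


def _get(snapshot, key, name=None):
    """Case-insensitive lookup, as the registry itself is; None when absent."""
    for k, values in snapshot.items():
        if k.lower() == key.lower():
            if name is None:
                return values
            return next((d for n, d in values.items() if n.lower() == name.lower()), None)
    return None


def check_snapshot(snapshot):
    """Return one finding per tampered value, tagged with the report signature it explains."""
    findings = []
    for key, name, bad, signature in VALUE_CHECKS:
        if _get(snapshot, key, name) == bad:
            findings.append({"key": key, "value": name, "data": bad, "signature": signature})
    # Heuristic: a firewall exception for an executable living in a user-writable path.
    for name, data in (_get(snapshot, FW_APPS) or {}).items():
        if re.search(r"\\(Temp|AppData)\\", name, re.IGNORECASE):
            findings.append({"key": FW_APPS, "value": name, "data": data,
                             "signature": "Modifies firewall policy service (exception added)"})
    return findings


# Constructed 'reg export' output resembling a host after this kind of tampering.
CONSTRUCTED_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe"="C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe:*:Enabled:sample"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"""

if __name__ == "__main__":
    for f in check_snapshot(parse_reg_export(CONSTRUCTED_REG_EXPORT)):
        print(f"{f['signature']}: {f['key']}\\{f['value']} = {f['data']!r}")
```

On a live host the input comes from `reg export <key> out.reg` for each key above (the export is UTF-16; decode before parsing). The `Security Center` values only exist on older Windows builds, so their absence is not evidence of a clean machine, which is why every check is a positive match rather than a "value missing" alarm.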

MITRE ATT&CK Enterprise v15

Tasks