General

  • Target

    88a7c03d4d95f19c549000d46e351c0414b20bf7a41c37e4d507565f6b025a75N.exe

  • Size

    120KB

  • Sample

    241219-269hsstjdp

  • MD5

    b0657cfb9b30c690c58ccd4fc0d7adf0

  • SHA1

    1eb16eb6efff097eda62f2347d7eacf3a06ea405

  • SHA256

    88a7c03d4d95f19c549000d46e351c0414b20bf7a41c37e4d507565f6b025a75

  • SHA512

    181e14abd8129bd6a6ffa2b38e4fd82cd88d7aa98c264be8e1d404b1d0ee581a6677920b5f0612863e4b57168ae4961bdcdbd0415f4d801f784af10abd31775b

  • SSDEEP

    1536:zO881tjPJOECLx8+NUZaX3VRzazIWi4ClCOsnvWb8goVxkzhBbGjIWvBXJmXo:zO8Y5hgScbl1Cu8go4dJqIUUY

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      88a7c03d4d95f19c549000d46e351c0414b20bf7a41c37e4d507565f6b025a75N.exe

    • Size

      120KB

    • MD5

      b0657cfb9b30c690c58ccd4fc0d7adf0

    • SHA1

      1eb16eb6efff097eda62f2347d7eacf3a06ea405

    • SHA256

      88a7c03d4d95f19c549000d46e351c0414b20bf7a41c37e4d507565f6b025a75

    • SHA512

      181e14abd8129bd6a6ffa2b38e4fd82cd88d7aa98c264be8e1d404b1d0ee581a6677920b5f0612863e4b57168ae4961bdcdbd0415f4d801f784af10abd31775b

    • SSDEEP

      1536:zO881tjPJOECLx8+NUZaX3VRzazIWi4ClCOsnvWb8goVxkzhBbGjIWvBXJmXo:zO8Y5hgScbl1Cu8go4dJqIUUY

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks