General

  • Target

    440afc3c51a94a4976c9fc3a2101249f5d9c8df2ac6159be99faa3ae14dcc853N.exe

  • Size

    97KB

  • Sample

    241219-2s1czaspdk

  • MD5

    8cac65d08afa809419b3b5e0ea26ef70

  • SHA1

    7b25392bd72d98fb3482ce2bd501bdf40620cd43

  • SHA256

    440afc3c51a94a4976c9fc3a2101249f5d9c8df2ac6159be99faa3ae14dcc853

  • SHA512

    69ac0c7156625714338a3c7ba1960f11d170acb3937a04922cf8e7fbbc081af2a2d07e1f409b19d35353a1e6bd7c75f7732ba6b79317e92688c7899a0d0ce191

  • SSDEEP

    1536:I0sF9esRXfoyD48SUbf1QgoT9NL3RqULViCttvBITCNR/H5npzq24qhe:YF9N48ligWNLEqrKmNl5nX

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      440afc3c51a94a4976c9fc3a2101249f5d9c8df2ac6159be99faa3ae14dcc853N.exe

    • Size

      97KB

    • MD5

      8cac65d08afa809419b3b5e0ea26ef70

    • SHA1

      7b25392bd72d98fb3482ce2bd501bdf40620cd43

    • SHA256

      440afc3c51a94a4976c9fc3a2101249f5d9c8df2ac6159be99faa3ae14dcc853

    • SHA512

      69ac0c7156625714338a3c7ba1960f11d170acb3937a04922cf8e7fbbc081af2a2d07e1f409b19d35353a1e6bd7c75f7732ba6b79317e92688c7899a0d0ce191

    • SSDEEP

      1536:I0sF9esRXfoyD48SUbf1QgoT9NL3RqULViCttvBITCNR/H5npzq24qhe:YF9N48ligWNLEqrKmNl5nX

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks