General

  • Target

    dc0194e86c0a87c35651b25b48d0a8da86ce8c16ef21392b653fdb633366bee8N.exe

  • Size

    97KB

  • Sample

    241219-3cexrstkfj

  • MD5

    ad69a075b6f8a3c5dac2285e6bc68ef0

  • SHA1

    d6d7ca1b5d1f0d7099dd0a72af8b2fe625a6ee2d

  • SHA256

    dc0194e86c0a87c35651b25b48d0a8da86ce8c16ef21392b653fdb633366bee8

  • SHA512

    ca55f764b0d42195a9fb812a0ceb57e2596967b6a5e032319d6bff1acedb450c4ab2139e1c17324b75f93647673c50c57e9292ea34cd34eba334658b0cfd3451

  • SSDEEP

    3072:wRIZJeHO/QOIDPqB/xEeDKAwFzq7JDWzJQ5d:wRI35QOImEeG788Q5d

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      dc0194e86c0a87c35651b25b48d0a8da86ce8c16ef21392b653fdb633366bee8N.exe

    • Size

      97KB

    • MD5

      ad69a075b6f8a3c5dac2285e6bc68ef0

    • SHA1

      d6d7ca1b5d1f0d7099dd0a72af8b2fe625a6ee2d

    • SHA256

      dc0194e86c0a87c35651b25b48d0a8da86ce8c16ef21392b653fdb633366bee8

    • SHA512

      ca55f764b0d42195a9fb812a0ceb57e2596967b6a5e032319d6bff1acedb450c4ab2139e1c17324b75f93647673c50c57e9292ea34cd34eba334658b0cfd3451

    • SSDEEP

      3072:wRIZJeHO/QOIDPqB/xEeDKAwFzq7JDWzJQ5d:wRI35QOImEeG788Q5d

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks