General

  • Target

    64fc6b9e49f2ec599b15851b31d2d904a9f55f3e9a6c510ce3d85838c0361d20N.exe

  • Size

    97KB

  • Sample

    241219-3hmjsstmak

  • MD5

    8391f66f9830f6fb52d38dbe4cfda9e0

  • SHA1

    5ec0954daf4282eff6d58fa53a84ea80abced59c

  • SHA256

    64fc6b9e49f2ec599b15851b31d2d904a9f55f3e9a6c510ce3d85838c0361d20

  • SHA512

    f7d113e48cae85b8af6c605d3925effe8de10faf2724009de9856879355dcd99fc2e2755a1c863c3fff55ce64113ed265774598116cda346efdae83926fea17c

  • SSDEEP

    1536:hbaTAc0QEb4zd8gIwgzTMw16sE7uRJanWig9BOK8u74O/hDVGDu:Ba8pbM8gIbhFRR58uMO/hDSu

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      64fc6b9e49f2ec599b15851b31d2d904a9f55f3e9a6c510ce3d85838c0361d20N.exe

    • Size

      97KB

    • MD5

      8391f66f9830f6fb52d38dbe4cfda9e0

    • SHA1

      5ec0954daf4282eff6d58fa53a84ea80abced59c

    • SHA256

      64fc6b9e49f2ec599b15851b31d2d904a9f55f3e9a6c510ce3d85838c0361d20

    • SHA512

      f7d113e48cae85b8af6c605d3925effe8de10faf2724009de9856879355dcd99fc2e2755a1c863c3fff55ce64113ed265774598116cda346efdae83926fea17c

    • SSDEEP

      1536:hbaTAc0QEb4zd8gIwgzTMw16sE7uRJanWig9BOK8u74O/hDVGDu:Ba8pbM8gIbhFRR58uMO/hDSu

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks