General

  • Target

    e9ebde5c232e045b1c01e95e5ab66412bc6678aba14bcefcb0172f8d90da6df1N.exe

  • Size

    97KB

  • Sample

    241219-3jj53atmcj

  • MD5

    3f03ff4add7188f3526c146902419f20

  • SHA1

    f1861a03f23deb54c11dbf10bb9a5acd63628f9c

  • SHA256

    e9ebde5c232e045b1c01e95e5ab66412bc6678aba14bcefcb0172f8d90da6df1

  • SHA512

    5958086585d25b9a3b76e30971b32a1bc2fe57737f2ee1d6190bfb49f7dd5f63e00bb576ce516c19db825d87f443887789a1902166dc2c92fa021ab8ead013f8

  • SSDEEP

    3072:ai+gqB3R2R69QQB+B1NjM/kWEYSjPTNRW8NVsfl+W:atgqmR6iA9EYcNR3w4W

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
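The C2 URLs above are the most directly actionable indicators on this page. The Python below is an added example, not part of the sandbox report or of any sandbox tooling: it derives host and (host, path) indicators from that list and runs them over constructed proxy-log lines (simplified Squid-style fields; the client addresses, timestamps and log format are made up for the example). Host matching is exact, so a look-alike name that merely contains one of the C2 hosts does not fire, and a hit on a C2 host with a different path is rated lower than a match on the exact extracted URL.

```python
import re
from urllib.parse import urlsplit

# C2 URLs exactly as extracted in the report's Malware Config section.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

def c2_indicators(urls):
    """Derive a host set and a (host, path) set from the C2 URL list."""
    hosts, pairs = set(), set()
    for u in urls:
        parts = urlsplit(u)
        host = parts.hostname.lower()
        hosts.add(host)
        pairs.add((host, parts.path))
    return hosts, pairs

# Constructed proxy log (simplified Squid-style fields: time, client, result, bytes, method, URL).
# Clients and timestamps are invented for this example.
PROXY_LOG = """\
1734572400.101 10.0.0.12 TCP_MISS/200 512 GET http://kukutrustnet777.info/home.gif
1734572401.233 10.0.0.12 TCP_MISS/404 301 GET http://89.119.67.154/testo5/
1734572402.410 10.0.0.57 TCP_HIT/200 4120 GET http://example.com/index.html
1734572403.980 10.0.0.12 TCP_MISS/200 498 GET http://KUKUTRUSTNET987.INFO/home.gif?x=1
1734572404.001 10.0.0.33 TCP_MISS/200 220 GET http://kukutrustnet888.info/other.png
1734572405.777 10.0.0.88 TCP_MISS/200 220 GET http://kukutrustnet777.info.evil.example/home.gif
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

def match_proxy_log(log_text, urls=SALITY_C2_URLS):
    """Return one hit per log line whose host is a C2 host.

    Host match is exact (case-insensitive), so a look-alike name that merely
    contains a C2 host is not a hit. A hit whose path also matches the
    extracted URL is rated 'high'; a different path on a C2 host is 'medium'.
    """
    hosts, pairs = c2_indicators(urls)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        host = (parts.hostname or "").lower()
        if host not in hosts:
            continue
        confidence = "high" if (host, parts.path) in pairs else "medium"
        hits.append({"ts": m["ts"], "client": m["client"], "host": host,
                     "path": parts.path, "confidence": confidence})
    return hits

def suspect_clients(log_text, urls=SALITY_C2_URLS):
    """Client addresses that contacted any C2 host; these are the machines to triage."""
    return {h["client"] for h in match_proxy_log(log_text, urls)}

if __name__ == "__main__":
    for hit in match_proxy_log(PROXY_LOG):
        print(f"{hit['confidence']:6} {hit['client']:10} {hit['host']}{hit['path']}")
    print("clients to triage:", sorted(suspect_clients(PROXY_LOG)))
```

The host set rather than the full URL is what survives in practice: the path can change between beacons (the query string in the fourth line is ignored on purpose), while the host and IP are what the sample must reach.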

Targets

    • Target

      e9ebde5c232e045b1c01e95e5ab66412bc6678aba14bcefcb0172f8d90da6df1N.exe

    • Size

      97KB

    • MD5

      3f03ff4add7188f3526c146902419f20

    • SHA1

      f1861a03f23deb54c11dbf10bb9a5acd63628f9c

    • SHA256

      e9ebde5c232e045b1c01e95e5ab66412bc6678aba14bcefcb0172f8d90da6df1

    • SHA512

      5958086585d25b9a3b76e30971b32a1bc2fe57737f2ee1d6190bfb49f7dd5f63e00bb576ce516c19db825d87f443887789a1902166dc2c92fa021ab8ead013f8

    • SSDEEP

      3072:ai+gqB3R2R69QQB+B1NjM/kWEYSjPTNRW8NVsfl+W:atgqmR6iA9EYcNR3w4W

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor and polymorphic file infector written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
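Two of the signatures above can be reproduced outside the sandbox: the "UPX packed file" verdict is a static check on the PE section table, and "UAC bypass" / "Modifies firewall policy service" show up as registry writes during execution. The Python below is an added example, not code from the report or from any sandbox; it builds a constructed minimal PE32 header (so it runs without the sample), walks DOS header, PE signature, COFF header and section table to look for UPX-style section names and the "UPX!" pack-header magic, and evaluates constructed Sysmon-style Event ID 13 lines for EnableLUA and EnableFirewall being set to 0. The registry paths are the well-known locations for those values and are an assumption here, not taken from the report; the event lines and image paths are invented.

```python
import re
import struct

# --- Static check: UPX-style section names in the PE section table ----------

def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table and return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]    # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]       # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                  # section headers follow the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                                      # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def upx_indicators(data):
    """Reasons the file looks UPX-packed; empty list means no indicator fired."""
    reasons = []
    names = pe_section_names(data)
    if any(n.startswith("UPX") for n in names):                    # stock UPX names: UPX0, UPX1, UPX2
        reasons.append("UPX section names: " + ",".join(names))
    if b"UPX!" in data[:0x2000]:                                   # pack-header magic in the header area
        reasons.append("UPX! header magic present")
    return reasons

def build_minimal_pe(section_names, extra=b"", opt_size=224):
    """Constructed PE32 header: DOS stub, PE signature, COFF header, zeroed optional header, section table."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                          # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + extra

# --- Dynamic check: registry writes that disable UAC or the Windows Firewall --
# Assumed (well-known) value locations, matched as path suffixes; not taken from the report.
DISABLE_IF_ZERO = {
    r"\Policies\System\EnableLUA": "UAC disabled (EnableLUA=0)",
    r"\FirewallPolicy\StandardProfile\EnableFirewall": "Windows Firewall disabled (standard profile)",
    r"\FirewallPolicy\DomainProfile\EnableFirewall": "Windows Firewall disabled (domain profile)",
}
EVENT_RE = re.compile(
    r"EventID=13 .*?Image=(?P<image>\S+) TargetObject=(?P<target>\S+) Details=DWORD \((?P<value>0x[0-9A-Fa-f]+)\)"
)

def registry_alerts(lines):
    """(image, description) for each value-set event that zeroes a watched value."""
    alerts = []
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue
        value = int(m["value"], 16)
        for suffix, desc in DISABLE_IF_ZERO.items():
            if value == 0 and m["target"].lower().endswith(suffix.lower()):
                alerts.append((m["image"], desc))
    return alerts

REGISTRY_EVENTS = [  # constructed Sysmon Event ID 13 (RegistryEvent, value set) lines
    r"EventID=13 Image=C:\Users\lab\sample.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Details=DWORD (0x00000000)",
    r"EventID=13 Image=C:\Users\lab\sample.exe TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall Details=DWORD (0x00000000)",
    r"EventID=13 Image=C:\Windows\System32\svchost.exe TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall Details=DWORD (0x00000001)",
    r"EventID=13 Image=C:\Windows\explorer.exe TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden Details=DWORD (0x00000001)",
]

if __name__ == "__main__":
    packed = build_minimal_pe(["UPX0", "UPX1", ".rsrc"], extra=b"UPX!")
    print("packed:", upx_indicators(packed))
    print("clean: ", upx_indicators(build_minimal_pe([".text", ".rdata", ".data"])))
    for image, desc in registry_alerts(REGISTRY_EVENTS):
        print(f"{desc} by {image}")
```

The two UPX indicators are deliberately independent: a modified UPX build commonly renames the sections or strips the "UPX!" magic, but rarely both, which is why the sandbox signature speaks of "UPX/modified UPX". The registry rule keys on the value being set to zero rather than on the key being touched at all, since legitimate software (the svchost.exe line above) writes the same values with 1.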

MITRE ATT&CK Enterprise v15
