General

  • Target

    9ee5c293fac6b2ffe814f7f1ed5ab2e5bfc6aaf08743fd511d287be4acbd7459N.exe

  • Size

    5.0MB

  • Sample

    241219-acxtcsynbq

  • MD5

    d33d518c6c805441b419c70412a97b60

  • SHA1

    3daf435e9efc960a4af1938feb213b59ae62635b

  • SHA256

    9ee5c293fac6b2ffe814f7f1ed5ab2e5bfc6aaf08743fd511d287be4acbd7459

  • SHA512

    9a4add731a1d0fd00c13b7a1bf82c5f19e3378b7fe70dae03c71eb89be470751034b7fbc39fff3bef14efd0a61aed836db37a4363187010f837c187e02cda89e

  • SSDEEP

    98304:gqTQ5IvXDChYELUJkTWV+r6zT0o4f1TzGOnfFbAhNNSWwyvYKM8m:RTQ5IvXDCOMU+TZ6zgPbAhNmyvYl

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      9ee5c293fac6b2ffe814f7f1ed5ab2e5bfc6aaf08743fd511d287be4acbd7459N.exe

    • Size

      5.0MB

    • MD5

      d33d518c6c805441b419c70412a97b60

    • SHA1

      3daf435e9efc960a4af1938feb213b59ae62635b

    • SHA256

      9ee5c293fac6b2ffe814f7f1ed5ab2e5bfc6aaf08743fd511d287be4acbd7459

    • SHA512

      9a4add731a1d0fd00c13b7a1bf82c5f19e3378b7fe70dae03c71eb89be470751034b7fbc39fff3bef14efd0a61aed836db37a4363187010f837c187e02cda89e

    • SSDEEP

      98304:gqTQ5IvXDChYELUJkTWV+r6zT0o4f1TzGOnfFbAhNNSWwyvYKM8m:RTQ5IvXDCOMU+TZ6zgPbAhNmyvYl

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks