General

  • Target

    498888b0ce809905ff50e4a417694564df6dac972749f9783856845776424bf0N.exe

  • Size

    120KB

  • Sample

    241219-ambc4syrck

  • MD5

    bffe1a75b8db962292cddd50ecaacd20

  • SHA1

    2c6a15835e2ae91e5a40ecbcba910080fc07ca8e

  • SHA256

    498888b0ce809905ff50e4a417694564df6dac972749f9783856845776424bf0

  • SHA512

    423d547c19c0179183323ee1676504a9934fde367e99bcfeb7b4d2e233ed466b27e9d1a6fbb0017fa9b5ea0d03c1163e42c8409f3e2eede8f12e1a6095493653

  • SSDEEP

    1536:oFQvcUbfQdtPOZd2T2WiH0Ab8d4O2240r9L0E9926Or/ttsXQGaSqQHn141Sbb6S:oFiv0iZdoU0Ab8dH2Or0r/6cQ14AboO

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      498888b0ce809905ff50e4a417694564df6dac972749f9783856845776424bf0N.exe

    • Size

      120KB

    • MD5

      bffe1a75b8db962292cddd50ecaacd20

    • SHA1

      2c6a15835e2ae91e5a40ecbcba910080fc07ca8e

    • SHA256

      498888b0ce809905ff50e4a417694564df6dac972749f9783856845776424bf0

    • SHA512

      423d547c19c0179183323ee1676504a9934fde367e99bcfeb7b4d2e233ed466b27e9d1a6fbb0017fa9b5ea0d03c1163e42c8409f3e2eede8f12e1a6095493653

    • SSDEEP

      1536:oFQvcUbfQdtPOZd2T2WiH0Ab8d4O2240r9L0E9926Or/ttsXQGaSqQHn141Sbb6S:oFiv0iZdoU0Ab8dH2Or0r/6cQ14AboO

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks