General

  • Target

    959cae4be54c7411bbd4bc3c228364fe10530ec93c6935851c4413a80d63396c

  • Size

    81KB

  • Sample

    241219-aprswazjbq

  • MD5

    60d7282c7bff18e91465bfb0546655e4

  • SHA1

    2fb36fb01c9651fcd14b6c19244e1ca5fd2afeb1

  • SHA256

    959cae4be54c7411bbd4bc3c228364fe10530ec93c6935851c4413a80d63396c

  • SHA512

    6ef6c1eab4a95583d889b51e75aa8e83a975e9593f1e89dc2a4f1c19174ed2644a84897b71b7c0ab1b9fc07d6db9861a670b0decd56ca81f7c19bfa40cf3eff0

  • SSDEEP

    1536:Ut0IjBp7Z8VNgIQrzjsh5Jtk5Hii53jmxhOvivC3yTcntSaqG91Hut:vUB56aHfQxhTC9tSFG910

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks