General

  • Target

    e3357d672bab6e2144b648cc15411367cd358434ff91e041db44574c2e2e1176N.exe

  • Size

    120KB

  • Sample

    241219-b6p62sslhl

  • MD5

    73ad0841dd0db6ea73e497546a0d0b60

  • SHA1

    91def1fea04afc574f2382d7484198e6fc48ce15

  • SHA256

    e3357d672bab6e2144b648cc15411367cd358434ff91e041db44574c2e2e1176

  • SHA512

    2e45e8ae08a32d86fc2982da96cef7efe8ee6dc0ea4573129e7d24dae3a7efc7d6c23f1b8a1a35c4f84109830c15275f099089f804214af913ea971737901407

  • SSDEEP

    3072:WytBSCdTmIdXhhf9LcwmVVHrpG6/a4ZI:DyCZmInV9LcD746t

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      e3357d672bab6e2144b648cc15411367cd358434ff91e041db44574c2e2e1176N.exe


    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks