General

  • Target

    532867ce7cef0ee357fb5b58c45821745215db96c2eff8346977597c65ec5505.exe

  • Size

    120KB

  • Sample

    241219-basmaszkdt

  • MD5

    d63cc28193e3f9d79d8b8628df7121f7

  • SHA1

    5a12cb347c270f92038cfcf35ec9fb6b99f45a99

  • SHA256

    532867ce7cef0ee357fb5b58c45821745215db96c2eff8346977597c65ec5505

  • SHA512

    4025af0ce7e40490109170b0853c39726dcf86f616ba34c7426c32695e1f4c410bf1891070a6f2af7b8769a0237be43f2ac1eb790cd0a2538b7559745feb3068

  • SSDEEP

    1536:oFQvcUbfQdtPOZd2T2WiH0Ab8d4O2240r9L0E9926Or/ttsXQGaSqQHn141Sbb6f:oFiv0iZdoU0Ab8dH2Or0r/6cQ14AboOM

Malware Config

  • Extracted

    • Family

      sality

    • C2

      http://89.119.67.154/testo5/

      http://kukutrustnet777.info/home.gif

      http://kukutrustnet888.info/home.gif

      http://kukutrustnet987.info/home.gif

Targets

    • Target

      532867ce7cef0ee357fb5b58c45821745215db96c2eff8346977597c65ec5505.exe

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks