General

  • Target

    864002315e536661b854caf916935ded11148990dc160834b0a306c73485c955N.exe

  • Size

    780KB

  • Sample

    241219-bn6q3s1nfp

  • MD5

    0c8eccdbefc96776c9d8e219f9832340

  • SHA1

    3db01ae1da1854a8ff8513eb4f342a72d274214f

  • SHA256

    864002315e536661b854caf916935ded11148990dc160834b0a306c73485c955

  • SHA512

    df0c99851c48dd205f0f896e0735ba4564afc0f99eec2d38951f13f689c597fff211e315cf9dc2b19625aab547b3b8df47edc5b8ff2fc2568d3eeaadc6044a7d

  • SSDEEP

    24576:F0ZhDa7BatUBFM8su0ZjpXZN0FmEOGpYmh:FwWNFBFM8s9FpXHunh

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      864002315e536661b854caf916935ded11148990dc160834b0a306c73485c955N.exe

    • Size

      780KB

    • MD5

      0c8eccdbefc96776c9d8e219f9832340

    • SHA1

      3db01ae1da1854a8ff8513eb4f342a72d274214f

    • SHA256

      864002315e536661b854caf916935ded11148990dc160834b0a306c73485c955

    • SHA512

      df0c99851c48dd205f0f896e0735ba4564afc0f99eec2d38951f13f689c597fff211e315cf9dc2b19625aab547b3b8df47edc5b8ff2fc2568d3eeaadc6044a7d

    • SSDEEP

      24576:F0ZhDa7BatUBFM8su0ZjpXZN0FmEOGpYmh:FwWNFBFM8s9FpXHunh

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Executes dropped EXE

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
