General

  • Target

    a5f3a5d5106a4acd6caff93a01cf2ed66c2ae07adb28a4ac73dec4c13564b463

  • Size

    65KB

  • Sample

    241219-btawla1jey

  • MD5

    7072edb2d592b1207fb151e457dd6f43

  • SHA1

    4040ebce798962370cd05860ab2b9e1044b7ccb2

  • SHA256

    a5f3a5d5106a4acd6caff93a01cf2ed66c2ae07adb28a4ac73dec4c13564b463

  • SHA512

    08916b9f324cb1d5b15ea5b09331260e1007607e06c8dfa23f800e25ab49855e6c1f143ccbaae95b29ef75128cb7016fc2fb30e2ba3ba6108eb8586781283179

  • SSDEEP

    1536:Cnu7Um0Qh1GBbDM3I7+00WU2KVWCRR7rH1BzOEl/o7I8CmhYZ02nCH:FgmTuBZElrH/KENoMPykCH

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      a5f3a5d5106a4acd6caff93a01cf2ed66c2ae07adb28a4ac73dec4c13564b463

    • Size

      65KB

    • MD5

      7072edb2d592b1207fb151e457dd6f43

    • SHA1

      4040ebce798962370cd05860ab2b9e1044b7ccb2

    • SHA256

      a5f3a5d5106a4acd6caff93a01cf2ed66c2ae07adb28a4ac73dec4c13564b463

    • SHA512

      08916b9f324cb1d5b15ea5b09331260e1007607e06c8dfa23f800e25ab49855e6c1f143ccbaae95b29ef75128cb7016fc2fb30e2ba3ba6108eb8586781283179

    • SSDEEP

      1536:Cnu7Um0Qh1GBbDM3I7+00WU2KVWCRR7rH1BzOEl/o7I8CmhYZ02nCH:FgmTuBZElrH/KENoMPykCH

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks