General

  • Target

    05de99d84afe5927cb1c8b615d472833734ee849037f3654e739fbb23ba3112a.exe

  • Size

    400KB

  • Sample

    241219-dpwzdawkar

  • MD5

    af83ecf721870920adface36466e2e24

  • SHA1

    1f0c4ac45796e9301c7466d2d9c97d6b760f19bc

  • SHA256

    05de99d84afe5927cb1c8b615d472833734ee849037f3654e739fbb23ba3112a

  • SHA512

    b3e4376e09edcc6f33bc6699b2b5ac7c9574746a14d7a638993cd3c1d32068cb554b839056ff14d9e930ca05480e24a64d61d67ae236cc067a6379e1b21c2640

  • SSDEEP

    12288:5myhC36BkA4d4qxwJwO2SYKTFLCuCLbNB6e:5m+C3OkIqxwJ0pKg36e

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/
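
The C2 list above is most useful as a set of network indicators. The following Python is an added example, not part of this report or of any sandbox tooling: it reduces the listed URLs to hostnames and IPs (treating a `www.` entry as also covering its apex domain and matching subdomains of an indicator) and runs them over a few constructed proxy/DNS log lines. The log format and the 10.0.0.x client addresses are assumptions made up for the example.

```python
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted Sality config above.
SALITY_C2 = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]

# Constructed proxy/DNS log lines (assumed format: time client verb target status).
SAMPLE_LOG = [
    "2024-12-19T13:05:01Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200",
    "2024-12-19T13:05:02Z 10.0.0.5 GET http://www.example.com/ 200",
    "2024-12-19T13:05:03Z 10.0.0.5 DNS A klkjwre9fqwieluoi.info",
    "2024-12-19T13:05:04Z 10.0.0.7 GET http://89.119.67.154/testo5/ 404",
    "2024-12-19T13:05:05Z 10.0.0.7 GET http://cdn.kukutrustnet888.info/x 200",
]

# Candidate hosts inside a log line: dotted names ending in a TLD, or IPv4 literals.
HOST_RE = re.compile(r"(?i)\b((?:[a-z0-9-]+\.)+[a-z]{2,}|\d{1,3}(?:\.\d{1,3}){3})\b")


def indicator_hosts(urls):
    """Reduce C2 URLs to a set of lower-cased hostnames/IPs.

    A 'www.' indicator also covers its apex domain, since a DNS lookup for the
    apex is just as suspicious as one for the www label.
    """
    hosts = set()
    for url in urls:
        host = urlsplit(url).hostname
        if not host:
            continue
        host = host.lower()
        hosts.add(host)
        if host.startswith("www."):
            hosts.add(host[4:])
    return hosts


def host_matches(candidate, hosts):
    """Return the indicator that covers candidate (exact or parent domain), else None."""
    cand = candidate.lower()
    if cand in hosts:
        return cand
    for host in hosts:
        if cand.endswith("." + host):  # subdomain of an indicator domain
            return host
    return None


def scan_log(lines, urls=SALITY_C2):
    """Return (line_number, indicator) for every log line touching a C2 host."""
    hosts = indicator_hosts(urls)
    hits = []
    for number, line in enumerate(lines, 1):
        for candidate in HOST_RE.findall(line):
            indicator = host_matches(candidate, hosts)
            if indicator:
                hits.append((number, indicator))
                break  # one hit per line is enough
    return hits


if __name__ == "__main__":
    for number, indicator in scan_log(SAMPLE_LOG):
        print(f"line {number}: {SAMPLE_LOG[number - 1]!r} -> {indicator}")
```

Matching on parent domains is deliberate: a report lists the exact hosts the sample contacted, but an operator rotating labels under the same domain should still trip the rule. Plain substring matching would be wrong in the other direction (it would flag `notkukutrustnet777.info`), which is why the check requires either equality or a `.`-delimited suffix.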

Targets

    • Target

      05de99d84afe5927cb1c8b615d472833734ee849037f3654e739fbb23ba3112a.exe

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
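
Two of the signatures above (the autorun.inf drop and the UPX packing) can be checked statically without executing the sample. The Python below is an added example written for this page, not sandbox code: it parses a PE section table and flags the `UPX0`/`UPX1` section names or the `UPX!` marker the stock packer leaves in the header area, and it extracts the commands an autorun.inf would launch. The minimal PE builder and the autorun.inf text are constructed test inputs; the `setup.exe` path in it is made up.

```python
import struct

UPX_SECTION_PREFIX = "UPX"  # stock UPX names its sections UPX0, UPX1, (UPX2)

# Constructed autorun.inf of the kind a worm drops on a removable volume.
SAMPLE_AUTORUN = """\
[autorun]
; hypothetical dropped launcher, not a real Sality path
open=RECYCLER\\setup.exe
shell\\open\\command=RECYCLER\\setup.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Heuristic: two or more UPX* sections, or the 'UPX!' marker in the first 4 KiB.

    A modified UPX build can rename sections and strip the marker, so a negative
    result here does not prove the file is unpacked.
    """
    upx_sections = [n for n in pe_section_names(data) if n.startswith(UPX_SECTION_PREFIX)]
    return len(upx_sections) >= 2 or b"UPX!" in data[:0x1000]


def autorun_launch_targets(text: str) -> list:
    """Return every command an autorun.inf [autorun] section would hand to Autorun."""
    targets = []
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append(value.strip())
    return targets


def build_min_pe(section_names, trailer: bytes = b"") -> bytes:
    """Construct a header-only PE32 image for offline testing (not loadable)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew -> PE signature
    opt = bytearray(224)                               # PE32 optional header, zeroed
    struct.pack_into("<H", opt, 0, 0x10B)              # Magic = PE32
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii"), 0, 0, 0, 0, 0, 0, 0, 0, 0)
        for n in section_names
    )
    return bytes(dos) + b"PE\0\0" + coff + opt + sections + trailer


if __name__ == "__main__":
    print("UPX sections:", is_upx_packed(build_min_pe(["UPX0", "UPX1", ".rsrc"])))
    print("plain sections:", is_upx_packed(build_min_pe([".text", ".data", ".rsrc"])))
    print("autorun targets:", autorun_launch_targets(SAMPLE_AUTORUN))
```

The autorun.inf check is the host-side complement of the "Drops autorun.inf file" signature: on a collection of removable or mapped volumes, any file whose `[autorun]` section resolves to an executable on the volume itself is worth quarantining before the volume is mounted on another machine.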
