General

  • Target

    c418cbcedd298da7dac9423d73102eaf4e058ff1c2b2a4770614a82806889555N.exe

  • Size

    65KB

  • Sample

    241219-drspqsvnct

  • MD5

    675ca6a37128b58390bb88fe68483690

  • SHA1

    6554f3822c97e0b374a6b88afcf6277964afe4f0

  • SHA256

    c418cbcedd298da7dac9423d73102eaf4e058ff1c2b2a4770614a82806889555

  • SHA512

    f0b5ac04a2200117c86c24f029de74fe23fbe75c20a5110d971256d839e76c483a8024502986a71a3db874e2011ce66d653e1a4ef6e0d2d6029b5125ed8724a7

  • SSDEEP

    1536:gtxU/x4aiGRNEUmB6RfG5GxsB7/caVX9SjBGs1vLT10cUmuO2fG85:gto4aV/mBi+MGS+S9DxuPmuBG85

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      c418cbcedd298da7dac9423d73102eaf4e058ff1c2b2a4770614a82806889555N.exe

    • Size

      65KB

    • MD5

      675ca6a37128b58390bb88fe68483690

    • SHA1

      6554f3822c97e0b374a6b88afcf6277964afe4f0

    • SHA256

      c418cbcedd298da7dac9423d73102eaf4e058ff1c2b2a4770614a82806889555

    • SHA512

      f0b5ac04a2200117c86c24f029de74fe23fbe75c20a5110d971256d839e76c483a8024502986a71a3db874e2011ce66d653e1a4ef6e0d2d6029b5125ed8724a7

    • SSDEEP

      1536:gtxU/x4aiGRNEUmB6RfG5GxsB7/caVX9SjBGs1vLT10cUmuO2fG85:gto4aV/mBi+MGS+S9DxuPmuBG85

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks