General

  • Target

    89184aea4fb6d020d884655d885a08d44b92a86d4f10b9a8bc494a660ed4cba5N.exe

  • Size

    65KB

  • Sample

    241219-dw1adawnar

  • MD5

    4e18cdaef71565446f48d97b4b31fd70

  • SHA1

    ee4402b9f1be547794a59533f04ccff3493f8c46

  • SHA256

    89184aea4fb6d020d884655d885a08d44b92a86d4f10b9a8bc494a660ed4cba5

  • SHA512

    b4ac18053b78913290d29513e4218ddd2db0a88391335f4d51b72150dce874eab443eaa20a10861c12ef002e134b73dc225f5ab27b7760c6fbd9246417009548

  • SSDEEP

    768:zXs0o0wnXfd7grSu0+sP4zg1lQd+IfAzv3eW1zqtlH9Quc+c2UUJ2YdPvxOUNtb2:79o0wnPdV/DQ+FzAHNxJ2YRvxlIhj

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      89184aea4fb6d020d884655d885a08d44b92a86d4f10b9a8bc494a660ed4cba5N.exe

    • Size

      65KB

    • MD5

      4e18cdaef71565446f48d97b4b31fd70

    • SHA1

      ee4402b9f1be547794a59533f04ccff3493f8c46

    • SHA256

      89184aea4fb6d020d884655d885a08d44b92a86d4f10b9a8bc494a660ed4cba5

    • SHA512

      b4ac18053b78913290d29513e4218ddd2db0a88391335f4d51b72150dce874eab443eaa20a10861c12ef002e134b73dc225f5ab27b7760c6fbd9246417009548

    • SSDEEP

      768:zXs0o0wnXfd7grSu0+sP4zg1lQd+IfAzv3eW1zqtlH9Quc+c2UUJ2YdPvxOUNtb2:79o0wnPdV/DQ+FzAHNxJ2YRvxlIhj

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks