General

  • Target

    5cd22ad0259be78ec052d35a4330ef634aa270809fa8de0875389d4522ba996b.exe

  • Size

    97KB

  • Sample

    241219-eefebawpcx

  • MD5

    fbb68a13717858f8146b1a29017aaa43

  • SHA1

    95331185bc7a09bfe406eee15476304d6741a45a

  • SHA256

    5cd22ad0259be78ec052d35a4330ef634aa270809fa8de0875389d4522ba996b

  • SHA512

    73d79777887f659d13fcdba0f0b09bca3b91a8435e028722e4bf888397bbcde2172d32aa14e669325859664f1b2cacf44e36d63f523868a5a69eb58f4b2a8321

  • SSDEEP

    1536:iPS7NAHm2WBI3wI19x+NYbY2NJueWdEfZJrINFQPaPkkLWRiMt:iPS7mwI1L+NB2NoeWdETMFQNU1Mt

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks