General

  • Target

    32facbcb368e4a3194ed049ed2db2cb4cd7a856425729840b36da4a33cb2efb5.exe

  • Size

    65KB

  • Sample

    241219-exs35aynbl

  • MD5

    c759676840fa751fdb6cbe789a0ec410

  • SHA1

    31c4aebc36fe01833ee4025d5375f9a4b3a24050

  • SHA256

    32facbcb368e4a3194ed049ed2db2cb4cd7a856425729840b36da4a33cb2efb5

  • SHA512

    761360021729dd10ffcf3c8027ac6f63b682f2b8121667d7dfc3f6303a862cc0eb4ad8bcffa78749320bb343b80b082a8fdf9a5396581c4ec0ea1d8deb09248b

  • SSDEEP

    1536:iyu8/5wHoqghnUU+S+Yk4IFYei8wdCS+fkAQWLsAjGD2hj9:vfT+Sjk+l8nS+JLtQ2hB

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      32facbcb368e4a3194ed049ed2db2cb4cd7a856425729840b36da4a33cb2efb5.exe

    • Size

      65KB

    • MD5

      c759676840fa751fdb6cbe789a0ec410

    • SHA1

      31c4aebc36fe01833ee4025d5375f9a4b3a24050

    • SHA256

      32facbcb368e4a3194ed049ed2db2cb4cd7a856425729840b36da4a33cb2efb5

    • SHA512

      761360021729dd10ffcf3c8027ac6f63b682f2b8121667d7dfc3f6303a862cc0eb4ad8bcffa78749320bb343b80b082a8fdf9a5396581c4ec0ea1d8deb09248b

    • SSDEEP

      1536:iyu8/5wHoqghnUU+S+Yk4IFYei8wdCS+fkAQWLsAjGD2hj9:vfT+Sjk+l8nS+JLtQ2hB

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks