General

  • Target

    e40cc7939dececa4d20d83280b97728059cfc444ac9de3c0ff4d1671ab6490f6.exe

  • Size

    1.1MB

  • Sample

    241219-f4dsfs1mgl

  • MD5

    b2aec7ae0a095e59c8b98f9530302032

  • SHA1

    6007183f50375304a1465fd71cdb6d5dfd667209

  • SHA256

    e40cc7939dececa4d20d83280b97728059cfc444ac9de3c0ff4d1671ab6490f6

  • SHA512

    8226b09709b5744826bc6b57a07065952bf7e2af6687d330e3105c78f3d647b6da1def3afe453c7308de4304b64edc7b17842f26847f6887664c8b4222915147

  • SSDEEP

    24576:W1/aGLDCM4D8ayGMCPnXo8/4gflI2d+JdjyW:FD8ayGM0XoQr2jyW

Malware Config

Extracted

Family

sality

C2


Targets

    • Target

      e40cc7939dececa4d20d83280b97728059cfc444ac9de3c0ff4d1671ab6490f6.exe

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks