General

  • Target

    64b962c13a7c578da09a6fbe403e9723084104de7d8125972f1aa83752a0fcc6.exe

  • Size

    1.1MB

  • Sample

    241219-gp9r1ssmbj

  • MD5

    0bb35ff66fc9fabdc1c8b0f4b978b853

  • SHA1

    c4469eec72a18c1c71d45d043520210826142b40

  • SHA256

    64b962c13a7c578da09a6fbe403e9723084104de7d8125972f1aa83752a0fcc6

  • SHA512

    231842cb470991b936d88a232ec5e19b3b3a8ab37c6759c6992bfd20ac02430dbb47a170349ddc2f9c0860d2f74ebaf3b0628a336a3dadd09b36180c733781e5

  • SSDEEP

    24576:0iZ1IdkiaMTNXs8q73ratc8qwBWc0JE9UcyL6nGIrNDXqHqAp9:rd/eehjratJBn9Uc+GGI56HLL

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      64b962c13a7c578da09a6fbe403e9723084104de7d8125972f1aa83752a0fcc6.exe

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks