General

  • Target

    fe5ed133e579b8cfd16a74b660e5396b5f4ed964b68be5c7e3a054d87c434659.exe

  • Size

    120KB

  • Sample

    241219-kvvrtsxngz

  • MD5

    3b15ee4e15a1c611a2c1bba67ca7e3fa

  • SHA1

    6f99f8998f96eedb794f59f29f15c9f527dd1161

  • SHA256

    fe5ed133e579b8cfd16a74b660e5396b5f4ed964b68be5c7e3a054d87c434659

  • SHA512

    32e4595865eef882f6c572d0198be82106cf30021443af94734d3c698c6027cb7cc00378df5870fd02ba0a6b5bee677e761df72962294821bd738913d1a3b5eb

  • SSDEEP

    3072:GTvyYZhlHEymskuipjlPHdbSpe9Gj+KpYBGh3R:dYZ7Eywuejx92Eo0BGh3R

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      fe5ed133e579b8cfd16a74b660e5396b5f4ed964b68be5c7e3a054d87c434659.exe

    • Size

      120KB

    • MD5

      3b15ee4e15a1c611a2c1bba67ca7e3fa

    • SHA1

      6f99f8998f96eedb794f59f29f15c9f527dd1161

    • SHA256

      fe5ed133e579b8cfd16a74b660e5396b5f4ed964b68be5c7e3a054d87c434659

    • SHA512

      32e4595865eef882f6c572d0198be82106cf30021443af94734d3c698c6027cb7cc00378df5870fd02ba0a6b5bee677e761df72962294821bd738913d1a3b5eb

    • SSDEEP

      3072:GTvyYZhlHEymskuipjlPHdbSpe9Gj+KpYBGh3R:dYZ7Eywuejx92Eo0BGh3R

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks