General

  • Target

    bba066e87f8d779f2ba014bf998f3c3f00385f3e44930dee93c3d4c06af4f56dN.exe

  • Size

    65KB

  • Sample

    241219-l4bkzszlfw

  • MD5

    50e889f6c972cef26886a38209c69860

  • SHA1

    f11c9874c08363d357a9a36ec7e8f17bf84155c0

  • SHA256

    bba066e87f8d779f2ba014bf998f3c3f00385f3e44930dee93c3d4c06af4f56d

  • SHA512

    96b81319ad7e781468b165cc10e73a2510947e0d9d98a22dc2e2d941ff77bc0712021b64a576388abd2b6fdf1bfa0567c0ceee6b1fe057e657fd3f6767b9ee01

  • SSDEEP

    1536:od0Tgm2iNiNlSXTZJsKYt7WIhqK5MIWUP:q0TgmtJ/skIj51T

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      bba066e87f8d779f2ba014bf998f3c3f00385f3e44930dee93c3d4c06af4f56dN.exe

    • Size

      65KB

    • MD5

      50e889f6c972cef26886a38209c69860

    • SHA1

      f11c9874c08363d357a9a36ec7e8f17bf84155c0

    • SHA256

      bba066e87f8d779f2ba014bf998f3c3f00385f3e44930dee93c3d4c06af4f56d

    • SHA512

      96b81319ad7e781468b165cc10e73a2510947e0d9d98a22dc2e2d941ff77bc0712021b64a576388abd2b6fdf1bfa0567c0ceee6b1fe057e657fd3f6767b9ee01

    • SSDEEP

      1536:od0Tgm2iNiNlSXTZJsKYt7WIhqK5MIWUP:q0TgmtJ/skIj51T

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks