General

  • Target

    ce8c532ddb51155f91b23426c990269d277bb28bfc99273a0077e136459ce63bN.exe

  • Size

    1.1MB

  • Sample

    241219-lmwjtsypfx

  • MD5

    1c3698bbc99f0bea453d76b58d12ba20

  • SHA1

    3dafb852d25011923f7d02678acb57a19193e1d6

  • SHA256

    ce8c532ddb51155f91b23426c990269d277bb28bfc99273a0077e136459ce63b

  • SHA512

    cd6e5c19d0a173570ed81cf1e54f9f7d1364d1e2f1750fa83d9a4e20c89f7129ebccf8e7a66b05f94ff54fb9c5836ebea9373cd300c72a5a96d36467d56c4653

  • SSDEEP

    24576:W1/aGLDCM4D8ayGMCPnXo8/4gflI2d+JdjyS:FD8ayGM0XoQr2jyS

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

    • Target

      ce8c532ddb51155f91b23426c990269d277bb28bfc99273a0077e136459ce63bN.exe

    • Size

      1.1MB

    • MD5

      1c3698bbc99f0bea453d76b58d12ba20

    • SHA1

      3dafb852d25011923f7d02678acb57a19193e1d6

    • SHA256

      ce8c532ddb51155f91b23426c990269d277bb28bfc99273a0077e136459ce63b

    • SHA512

      cd6e5c19d0a173570ed81cf1e54f9f7d1364d1e2f1750fa83d9a4e20c89f7129ebccf8e7a66b05f94ff54fb9c5836ebea9373cd300c72a5a96d36467d56c4653

    • SSDEEP

      24576:W1/aGLDCM4D8ayGMCPnXo8/4gflI2d+JdjyS:FD8ayGM0XoQr2jyS

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

MITRE ATT&CK Enterprise v15

Tasks