General

  • Target

    e17eeb82db0680274696fdee681fca61785982adff373de61f371e456b487a2dN.exe

  • Size

    97KB

  • Sample

    241219-m678ea1qgz

  • MD5

    1c291733b56e5195e2cd8556c70badb0

  • SHA1

    e2fc9c0476f6d9aef9c3bf283f866726c2e1dca1

  • SHA256

    e17eeb82db0680274696fdee681fca61785982adff373de61f371e456b487a2d

  • SHA512

    4a2a656482795760ceeefd5e6d2d9080c78f8e0717cf1a4167d1d3b18ace5d3c1f8842c308782e371ae8a439f8e6a07a9c960ea38544548a2a613d4205508c76

  • SSDEEP

    1536:C2SV8rBj9H1PY4SViKbFkBkirP203uob/XYG2m9DcfgBFG0N6CM41Uy:C2g6NPgiBRrP20JbPYG2mDF+CM4Z

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      e17eeb82db0680274696fdee681fca61785982adff373de61f371e456b487a2dN.exe

    • Size

      97KB

    • MD5

      1c291733b56e5195e2cd8556c70badb0

    • SHA1

      e2fc9c0476f6d9aef9c3bf283f866726c2e1dca1

    • SHA256

      e17eeb82db0680274696fdee681fca61785982adff373de61f371e456b487a2d

    • SHA512

      4a2a656482795760ceeefd5e6d2d9080c78f8e0717cf1a4167d1d3b18ace5d3c1f8842c308782e371ae8a439f8e6a07a9c960ea38544548a2a613d4205508c76

    • SSDEEP

      1536:C2SV8rBj9H1PY4SViKbFkBkirP203uob/XYG2m9DcfgBFG0N6CM41Uy:C2g6NPgiBRrP20JbPYG2mDF+CM4Z

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks