General

  • Target

    821b8085c3b1564209d9f322f72a7ebca84ecfab5fabefe1333cb69331565ff0N.exe

  • Size

    65KB

  • Sample

    241219-nc7kfssmhp

  • MD5

    44b4382c665b14a30f5876e060c612b0

  • SHA1

    68678139e399bac7d95f0f9eb0d4c7f09cf8520f

  • SHA256

    821b8085c3b1564209d9f322f72a7ebca84ecfab5fabefe1333cb69331565ff0

  • SHA512

    b5c27fc50a4e179ae9caf15d4fbc4fe1f81cf59dcdf94d88cdbf0307fac9533594b7124b20458b040f41ce9d2360418f96c5cdc0c1b36f1775faf6ad851f8cf5

  • SSDEEP

    1536:iyu8/5wHoqghnUU+S+Yk4IFYei8wdCS+fkAQWLsAjGD2hjl:vfT+Sjk+l8nS+JLtQ2hp

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
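
The four C2 URLs above are the indicators a defender would sweep logs for. The following is an added example (not part of the original report) that matches them against proxy and DNS log lines; the log formats and every line in SAMPLE_LOG are constructed for illustration, and host matching is done by suffix so that a look-alike such as kukutrustnet777.info.example.org does not trigger.

```python
"""Added example, not part of the original report: match the Sality C2
indicators extracted above against proxy and DNS log lines.  The log
formats and every line in SAMPLE_LOG are constructed for illustration."""
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted config above.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

URL_RE = r"https?://[^\s\"'<>]+"        # URLs embedded in a proxy log line
DNS_RE = r"query: (\S+?)\.? IN "          # BIND-style query log (constructed format)


def norm_path(path: str) -> str:
    return path.rstrip("/") or "/"


def indicator_set(urls):
    """Split the C2 list into host indicators and (host, path) indicators."""
    hosts, full = set(), set()
    for u in urls:
        p = urlsplit(u)
        hosts.add(p.hostname.lower())
        full.add((p.hostname.lower(), norm_path(p.path)))
    return hosts, full


def host_matches(host: str, hosts) -> bool:
    """Exact or subdomain match; a suffix test avoids substring false
    positives such as kukutrustnet777.info.example.org."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in hosts)


def scan_log(text: str, urls=C2_URLS):
    """Return (line_no, kind, host) for every line touching a C2 indicator.
    kind is "url" for a full URL match, "host" for host-only, "dns" for a query."""
    hosts, full = indicator_set(urls)
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for url in re.findall(URL_RE, line):
            p = urlsplit(url)
            if p.hostname and host_matches(p.hostname, hosts):
                kind = "url" if (p.hostname.lower(), norm_path(p.path)) in full else "host"
                hits.append((lineno, kind, p.hostname.lower()))
        m = re.search(DNS_RE, line)
        if m and host_matches(m.group(1), hosts):
            hits.append((lineno, "dns", m.group(1).lower().rstrip(".")))
    return hits


# Constructed sample: three Squid-style proxy lines and two BIND-style query lines.
SAMPLE_LOG = """\
1734600001.123 45 10.0.0.15 TCP_MISS/200 512 GET http://kukutrustnet888.info/home.gif - HIER_DIRECT/203.0.113.9 image/gif
1734600002.456 12 10.0.0.15 TCP_MISS/404 310 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1734600003.789 30 10.0.0.22 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
Dec 19 12:00:05 dns1 named[1234]: client 10.0.0.15#51234: query: kukutrustnet777.info IN A + (10.0.0.1)
Dec 19 12:00:06 dns1 named[1234]: client 10.0.0.30#51235: query: kukutrustnet777.info.example.org IN A + (10.0.0.1)
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Two practical caveats: a real sweep should also compare the destination-IP column against 89.119.67.154 rather than relying on a URL field, and indicators for a family this old may have been sinkholed or reassigned since the sample was observed, so a hit needs to be read together with its timestamp.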

Targets

    • Target

      821b8085c3b1564209d9f322f72a7ebca84ecfab5fabefe1333cb69331565ff0N.exe

    • Size

      65KB

    • MD5

      44b4382c665b14a30f5876e060c612b0

    • SHA1

      68678139e399bac7d95f0f9eb0d4c7f09cf8520f

    • SHA256

      821b8085c3b1564209d9f322f72a7ebca84ecfab5fabefe1333cb69331565ff0

    • SHA512

      b5c27fc50a4e179ae9caf15d4fbc4fe1f81cf59dcdf94d88cdbf0307fac9533594b7124b20458b040f41ce9d2360418f96c5cdc0c1b36f1775faf6ad851f8cf5

    • SSDEEP

      1536:iyu8/5wHoqghnUU+S+Yk4IFYei8wdCS+fkAQWLsAjGD2hjl:vfT+Sjk+l8nS+JLtQ2hp

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
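
The "UPX packed file" signature keys on traits a practitioner can check by hand: UPX0/UPX1 section names, the "UPX!" marker, and near-random section contents. The block below is an added example (not the report's or the signature engine's code) that parses a PE section table for those traits and, as a convenience, fingerprints the file with the same hash set the report lists. The PE images it builds are constructed stand-ins, not the sample; the entropy threshold of 7.0 bits per byte and the minimum 256-byte section size are assumptions chosen for illustration.

```python
"""Added example (not from the original report or the Triage signature
engine): check a PE file for the traits the "UPX packed file" signature
keys on, and fingerprint it with the hash set the report lists.
The PE images built below are constructed stand-ins, not the sample."""
import hashlib
import math
import struct
from collections import Counter


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 as shown in the report (SSDEEP needs a library)."""
    return {a: hashlib.new(a, data).hexdigest()
            for a in ("md5", "sha1", "sha256", "sha512")}


def pe_sections(data: bytes) -> list:
    """Return [(name, raw_bytes)] from the section table, [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    nsect = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER
    out = []
    for i in range(nsect):
        off = table + i * 40
        if off + 40 > len(data):
            break                            # truncated table: stop, don't crash
        name = data[off:off + 8].split(b"\0", 1)[0].decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        out.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return out


def entropy(b: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    if not b:
        return 0.0
    n = len(b)
    return -sum(c / n * math.log2(c / n) for c in Counter(b).values())


def upx_check(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Name/marker checks catch stock UPX; entropy catches renamed sections.
    Threshold and 256-byte minimum are assumed values for this example."""
    sections = pe_sections(data)
    names = [n for n, _ in sections]
    hot = [n for n, raw in sections if len(raw) >= 256 and entropy(raw) > entropy_threshold]
    result = {
        "sections": names,
        "upx_section_names": any(n.upper().startswith("UPX") for n in names),
        "upx_marker": b"UPX!" in data,
        "high_entropy_sections": hot,
    }
    result["packed"] = result["upx_section_names"] or result["upx_marker"] or bool(hot)
    return result


def build_fake_pe(names, blobs) -> bytes:
    """Constructed minimal PE32 image for testing only; it is not runnable."""
    e_lfanew, opt_size = 0x40, 0xE0
    hdr_len = e_lfanew + 4 + 20 + opt_size + 40 * len(names)
    raw_off = (hdr_len + 0x1FF) & ~0x1FF     # file alignment 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, body, off = b"", b"", raw_off
    for name, blob in zip(names, blobs):
        table += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(blob), 0x1000, len(blob), off, 0, 0, 0, 0, 0x60000020)
        body += blob
        off += len(blob)
    return (dos + b"PE\0\0" + coff + opt + table).ljust(raw_off, b"\0") + body


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for compressed code."""
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "little")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]


LOW = b"\x90" * 1024 + b"\xcc" * 1024            # plain, low-entropy code-like bytes
STOCK_UPX = build_fake_pe(["UPX0", "UPX1", ".rsrc"], [b"", pseudo_random(4096), LOW])
RENAMED = build_fake_pe([".text", ".data"], [pseudo_random(4096), LOW])
PLAIN = build_fake_pe([".text", ".data"], [LOW, LOW])

if __name__ == "__main__":
    for label, img in (("stock UPX", STOCK_UPX), ("renamed", RENAMED), ("plain", PLAIN)):
        print(label, hashes(img)["sha256"][:16], upx_check(img))
```

The RENAMED image shows why the name and marker checks alone are not enough: a packer that renames its sections and strips the "UPX!" string passes both, and only the entropy of the section contents gives it away. Conversely, high entropy alone also flags legitimately compressed or encrypted resources, so the three signals are best reported separately rather than collapsed into one verdict, as the dict above does.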

MITRE ATT&CK Enterprise v15

Tasks