General

  • Target

    1b8045b7ce5aa354ac5e42de8a4545cc1de77f97cf6f31dbee57923a99bc1800.exe

  • Size

    120KB

  • Sample

    241219-ngx7ksspcl

  • MD5

    0345b75547189cf9afdb03ca3815a218

  • SHA1

    30d88098c8728f93608d9e6ac23bcae0148f143e

  • SHA256

    1b8045b7ce5aa354ac5e42de8a4545cc1de77f97cf6f31dbee57923a99bc1800

  • SHA512

    cd9559d458a582f60daa6e09c7c985461017c5b4f98c0130612851e1b0fcc2e89870450fef1e708336bfc7d0237e506779b7e19e94b71af323095afd26ac9348

  • SSDEEP

    1536:djse0fRGwfJBkSbO8+7OQKwKk+ZzOXdwYh5ts0CQN+Sa3ish189uYc8gx:dj8f04JBs8LcKkqKdwkA0CQN+Sax78Y

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      1b8045b7ce5aa354ac5e42de8a4545cc1de77f97cf6f31dbee57923a99bc1800.exe

    • Size

      120KB

    • MD5

      0345b75547189cf9afdb03ca3815a218

    • SHA1

      30d88098c8728f93608d9e6ac23bcae0148f143e

    • SHA256

      1b8045b7ce5aa354ac5e42de8a4545cc1de77f97cf6f31dbee57923a99bc1800

    • SHA512

      cd9559d458a582f60daa6e09c7c985461017c5b4f98c0130612851e1b0fcc2e89870450fef1e708336bfc7d0237e506779b7e19e94b71af323095afd26ac9348

    • SSDEEP

      1536:djse0fRGwfJBkSbO8+7OQKwKk+ZzOXdwYh5ts0CQN+Sa3ish189uYc8gx:dj8f04JBs8LcKkqKdwkA0CQN+Sax78Y

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks