General

  • Target

    fd37499f898c8e4272b152661fd987e1617efb003fd42430f3a78f96e3143244N.exe

  • Size

    97KB

  • Sample

    241219-nyjerasrdy

  • MD5

    30b58ea48cfee2b7bdc0074ae9059810

  • SHA1

    a8b0035cbb317dd505f4d86f3c2166e34840c76e

  • SHA256

    fd37499f898c8e4272b152661fd987e1617efb003fd42430f3a78f96e3143244

  • SHA512

    ea862fc4d4c93a9cf1d8840281c84ff683ed1863994ad181ddd98319fac69fbf574c5d51ac1aa798f7283a639c799c14ebde19af5717a6452fcfdddb98b79ea6

  • SSDEEP

    1536:iPS7NAHm2WBI3wI19x+NYbY2NJueWdEfZJrINFQPaPkkLWRiM:iPS7mwI1L+NB2NoeWdETMFQNU1M

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
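The hashes and C2 URLs above are the indicators a responder would actually hunt for. The following is an added example, not part of the sandbox report, showing how to turn them into a matcher over proxy and EDR log lines. The log lines are constructed for illustration (the near-miss host 189.119.67.154 is there to show why hosts are compared exactly rather than by substring); the indicators themselves are copied from the report.

```python
"""Hunt for the Sality indicators from this report in log lines.

Added example (not from the sandbox report). Indicators are copied from the
report; the LOGS below are constructed sample lines, not real telemetry.
"""
import re
from urllib.parse import urlparse

# Indicators copied from the report's Malware Config and hash fields.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
SAMPLE_HASHES = {
    "md5": "30b58ea48cfee2b7bdc0074ae9059810",
    "sha1": "a8b0035cbb317dd505f4d86f3c2166e34840c76e",
    "sha256": "fd37499f898c8e4272b152661fd987e1617efb003fd42430f3a78f96e3143244",
}

# Constructed log lines (assumed format: key=value fields, URL in quotes).
LOGS = [
    '2024-12-19T10:01:02Z proxy src=10.0.0.5 dst=89.119.67.154 url="http://89.119.67.154/testo5/" status=200',
    '2024-12-19T10:01:09Z proxy src=10.0.0.5 dst=203.0.113.7 url="http://kukutrustnet987.info/home.gif" status=404',
    '2024-12-19T10:02:00Z proxy src=10.0.0.9 dst=198.51.100.20 url="http://example.org/index.html" status=200',
    r'2024-12-19T10:03:11Z edr host=WS-042 event=file_create path=C:\Users\a\Downloads\setup.exe '
    'sha256=fd37499f898c8e4272b152661fd987e1617efb003fd42430f3a78f96e3143244',
    '2024-12-19T10:03:30Z proxy src=10.0.0.5 dst=189.119.67.154 url="http://189.119.67.154/testo5/" status=200',
]

URL_RE = re.compile(r'https?://[^\s"\']+')
# Exactly 32, 40 or 64 hex digits bounded by non-word characters: MD5, SHA1, SHA256.
HEX_RE = re.compile(r'\b[0-9a-f]{32}\b|\b[0-9a-f]{40}\b|\b[0-9a-f]{64}\b')


def c2_hosts():
    """Hostnames/IPs extracted from the C2 URLs, for exact host comparison."""
    return {urlparse(u).hostname.lower() for u in C2_URLS}


def match_line(line):
    """Return [(indicator_type, value), ...] for every indicator found in one log line.

    URLs are parsed and their host compared exactly against the C2 host set, so
    189.119.67.154 does not match 89.119.67.154. Hashes are matched as whole
    hex tokens of the right length against the known digests.
    """
    hits = []
    hosts = c2_hosts()
    for url in URL_RE.findall(line):
        host = urlparse(url).hostname
        if host and host.lower() in hosts:
            hits.append(("c2_host", host.lower()))
    digest_kind = {v: k for k, v in SAMPLE_HASHES.items()}
    for token in HEX_RE.findall(line.lower()):
        if token in digest_kind:
            hits.append(("hash_" + digest_kind[token], token))
    return hits


def scan(lines):
    """Return (1-based line number, hits) for each line that matched something."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = match_line(line)
        if hits:
            results.append((number, hits))
    return results


if __name__ == "__main__":
    for number, hits in scan(LOGS):
        print(number, hits)
```

Matching on the host rather than the full URL catches beacons to the same infrastructure with a different path; if you need to alert only on the exact paths in the report, compare the full URL string instead.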

Targets

    • Target

      fd37499f898c8e4272b152661fd987e1617efb003fd42430f3a78f96e3143244N.exe

    • Size

      97KB

    • MD5

      30b58ea48cfee2b7bdc0074ae9059810

    • SHA1

      a8b0035cbb317dd505f4d86f3c2166e34840c76e

    • SHA256

      fd37499f898c8e4272b152661fd987e1617efb003fd42430f3a78f96e3143244

    • SHA512

      ea862fc4d4c93a9cf1d8840281c84ff683ed1863994ad181ddd98319fac69fbf574c5d51ac1aa798f7283a639c799c14ebde19af5717a6452fcfdddb98b79ea6

    • SSDEEP

      1536:iPS7NAHm2WBI3wI19x+NYbY2NJueWdEfZJrINFQPaPkkLWRiM:iPS7mwI1L+NB2NoeWdETMFQNU1M

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
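The "UPX packed file" signature above is a static check on the PE section table: stock UPX names its sections UPX0 and UPX1 and leaves a "UPX!" magic string in the file. The following is an added example, not the sandbox's own detection logic, that parses PE section names with the standard library and applies that heuristic. The PE images it scans are built in memory for the test and are not the report's sample; the section-name and magic checks are the classic heuristic, and a modified UPX that renames sections and strips the magic will evade both, which is the caveat behind the signature's wording.

```python
"""Heuristic UPX detection by PE section names and the "UPX!" magic.

Added example (not from the sandbox report). build_pe() constructs a minimal,
non-runnable PE image in memory so the check can be exercised offline.
"""
import struct

PE_SIGNATURE_OFFSET_FIELD = 0x3C   # e_lfanew in the DOS header
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40
PE32_OPTIONAL_HEADER_SIZE = 0xE0


def pe_section_names(data):
    """Return the section names of a PE image, parsed from the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, PE_SIGNATURE_OFFSET_FIELD)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) ... SizeOfOptionalHeader at +16.
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + COFF_HEADER_SIZE + opt_size
    names = []
    for i in range(num_sections):
        start = table + i * SECTION_HEADER_SIZE
        raw = data[start:start + 8]          # Name is the first 8 bytes
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Return (verdict, reasons). Reasons list which heuristics fired."""
    reasons = []
    upx_sections = [n for n in pe_section_names(data) if n.upper().startswith("UPX")]
    if upx_sections:
        reasons.append("sections named " + ", ".join(upx_sections))
    if b"UPX!" in data:
        reasons.append('"UPX!" magic present')
    return bool(reasons), reasons


def build_pe(section_names):
    """Construct a minimal PE32 image with the given section names (test fixture only)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, PE_SIGNATURE_OFFSET_FIELD, e_lfanew)
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics(EXECUTABLE_IMAGE|32BIT).
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0,
                       PE32_OPTIONAL_HEADER_SIZE, 0x0102)
    optional = bytes(PE32_OPTIONAL_HEADER_SIZE)
    sections = b"".join(
        name.encode("ascii").ljust(8, b"\0") + bytes(SECTION_HEADER_SIZE - 8)
        for name in section_names
    )
    return bytes(dos) + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    for names in (["UPX0", "UPX1", ".rsrc"], [".text", ".rdata", ".data"]):
        print(names, looks_upx_packed(build_pe(names)))
```

On a real file, read it in binary and pass the bytes to looks_upx_packed(); a False verdict only means the stock UPX markers are absent, so follow up with section entropy and import-table size before concluding the sample is unpacked.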

MITRE ATT&CK Enterprise v15

Tasks