General

  • Target

    2eb8769e8f0beef17ed16b7ecf4a5ffe3cc7119f9dbe2162a46f00871e627442N.exe

  • Size

    120KB

  • Sample

    241219-zep9qsyphz

  • MD5

    4a5fadd44f38c0c927de89fb8f6a19a0

  • SHA1

    d4c9ae89118bd4c3cedd8fe167118fa06390da22

  • SHA256

    2eb8769e8f0beef17ed16b7ecf4a5ffe3cc7119f9dbe2162a46f00871e627442

  • SHA512

    163cfdfd35f0b82e457885d6519fe203febdcba8d127b6b8434d11202df278f669cff557281852270f502a5c542a7591417eca07e96579e9e1541e93788e0e94

  • SSDEEP

    3072:vyBypFoaosoj8asWYwBnTT3dzAR9LO1hd/:vyBGGPsoj8sBTT3efK

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
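
The four C2 URLs above are the actionable output of the config extraction. As an added example (not part of the sandbox report), the script below turns them into host indicators and runs them over proxy and DNS log lines; the log lines are constructed for illustration and the log formats (timestamp, client, method, URL for the proxy; timestamp, client, query name for DNS) are assumptions.

```python
"""Match proxy/DNS log lines against the Sality C2 indicators listed above.

Added example; the indicators are the four C2 URLs from the report, the log
lines and their column layout are constructed for this example.
"""
from urllib.parse import urlparse

C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def c2_hosts(urls=C2_URLS):
    """Derive the set of C2 hosts (lower-cased) from the URL list.
    Matching on host rather than full URL catches the IP-based C2 even when
    the path differs from /testo5/."""
    return {urlparse(u).hostname.lower() for u in urls}


# Constructed sample logs (not from the report): proxy = "ts client method url",
# DNS = "ts client qname". Case and trailing-dot variants are included on purpose.
PROXY_LOG = """\
1734600001.123 10.0.0.5 GET http://kukutrustnet777.info/home.gif
1734600002.456 10.0.0.7 GET http://www.example.com/index.html
1734600003.789 10.0.0.5 GET http://89.119.67.154/testo5/
1734600004.001 10.0.0.9 GET http://KUKUTRUSTNET888.INFO/home.gif
"""

DNS_LOG = """\
1734600000.500 10.0.0.5 kukutrustnet987.info
1734600000.600 10.0.0.7 example.com
1734600000.700 10.0.0.5 kukutrustnet777.info.
"""


def match_proxy(log_text, urls=C2_URLS):
    """Return [(client, url)] for proxy lines whose URL host is a C2 host."""
    hosts = c2_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip rather than crash the sweep
        _ts, client, _method, url = parts[:4]
        host = urlparse(url).hostname
        if host and host.lower() in hosts:
            hits.append((client, url))
    return hits


def match_dns(log_text, urls=C2_URLS):
    """Return [(client, qname)] for DNS queries of a C2 host.
    Query names may appear in FQDN form with a trailing dot, so strip it."""
    hosts = c2_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        _ts, client, qname = parts[:3]
        if qname.rstrip(".").lower() in hosts:
            hits.append((client, qname))
    return hits


def infected_clients(proxy_log, dns_log):
    """Sorted list of client IPs that touched any C2 host in either log."""
    clients = {c for c, _ in match_proxy(proxy_log)}
    clients |= {c for c, _ in match_dns(dns_log)}
    return sorted(clients)


if __name__ == "__main__":
    for client, url in match_proxy(PROXY_LOG):
        print(f"proxy hit: {client} -> {url}")
    for client, qname in match_dns(DNS_LOG):
        print(f"dns hit:   {client} -> {qname}")
    print("clients to triage:", infected_clients(PROXY_LOG, DNS_LOG))
```

Host-level matching is deliberate: the three kukutrustnet domains serve a fixed path, but the IP-based C2 path is likely to change between samples, and DNS logs never carry a path at all.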

Targets

    • Target

      2eb8769e8f0beef17ed16b7ecf4a5ffe3cc7119f9dbe2162a46f00871e627442N.exe

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor and polymorphic file infector written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
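
Two checks worth running on the file before acting on a report like this: confirm its hashes match the values listed above, and reproduce the "UPX packed file" verdict from the PE section table. The script below is an added example, not the sandbox's own detection; the minimal PE images are constructed inline so it runs offline, and the entropy threshold of 7.0 is an assumption chosen for the example rather than a value from the report.

```python
"""Verify a file against the report's hashes and check for UPX packing.

Added example. Stock UPX names its sections UPX0/UPX1 (plus UPX2 or .rsrc);
a modified UPX can rename them, so a Shannon-entropy check over section data is
included as a name-independent second heuristic. The PE images below are
constructed test data, not the analysed sample.
"""
import hashlib
import math
import struct

# Hashes as listed in the report above.
REPORT_HASHES = {
    "md5": "4a5fadd44f38c0c927de89fb8f6a19a0",
    "sha1": "d4c9ae89118bd4c3cedd8fe167118fa06390da22",
    "sha256": "2eb8769e8f0beef17ed16b7ecf4a5ffe3cc7119f9dbe2162a46f00871e627442",
}


def file_hashes(data):
    """Compute the same digests the report lists, for comparison."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data):
    """True only if every listed digest matches; a single mismatch means this
    is not the sample the report describes."""
    return file_hashes(data) == REPORT_HASHES


def build_minimal_pe(sections):
    """Construct a minimal, non-runnable PE32 image from [(name, raw_bytes)].
    Constructed test data: just enough DOS/COFF/section-table structure for
    pe_sections() to parse."""
    e_lfanew, size_opt, n = 0x80, 224, len(sections)
    header_len = e_lfanew + 4 + 20 + size_opt + 40 * n
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # e_lfanew -> PE header
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, size_opt, 0x0102)
    table, payload, off = b"", b"", header_len
    for name, raw in sections:
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # relocs/linenumbers (unused), Characteristics (code|exec|read).
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), len(raw),
                             0x1000 + off, len(raw), off, 0, 0, 0, 0, 0x60000020)
        payload += raw
        off += len(raw)
    return bytes(dos) + b"PE\0\0" + coff + bytes(size_opt) + table + payload


def pe_sections(data):
    """Parse the PE section table and return [(name, raw_bytes)]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    n, = struct.unpack_from("<H", data, coff + 2)         # NumberOfSections
    size_opt, = struct.unpack_from("<H", data, coff + 16) # SizeOfOptionalHeader
    table = coff + 20 + size_opt
    out = []
    for i in range(n):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), data[raw_ptr:raw_ptr + raw_size]))
    return out


def shannon_entropy(buf):
    """Bits per byte, 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not buf:
        return 0.0
    n, counts = len(buf), [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data, entropy_threshold=7.0):
    """Name-based verdict plus the list of sections whose data looks compressed."""
    secs = pe_sections(data)
    return {
        "upx_section_names": any(name.startswith("UPX") for name, _ in secs),
        "high_entropy_sections": [name for name, raw in secs
                                  if shannon_entropy(raw) >= entropy_threshold],
    }


def looks_upx_packed(data):
    ind = upx_indicators(data)
    return ind["upx_section_names"] or bool(ind["high_entropy_sections"])


# Constructed samples: stock UPX layout, a renamed (modified UPX) layout, and a plain binary.
HIGH_ENTROPY = bytes(range(256)) * 8                      # uniform bytes, entropy 8.0
PACKED = build_minimal_pe([("UPX0", b""), ("UPX1", HIGH_ENTROPY), (".rsrc", b"\0" * 512)])
RENAMED = build_minimal_pe([(".text", HIGH_ENTROPY), (".rsrc", b"\0" * 512)])
PLAIN = build_minimal_pe([(".text", b"\x90" * 1024 + b"\xc3"), (".data", b"\0" * 256)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("renamed", RENAMED), ("plain", PLAIN)):
        print(label, matches_report(img), upx_indicators(img))
```

The entropy heuristic is a first pass, not proof: a legitimate .rsrc holding compressed images or an embedded certificate also scores high, so treat a name-independent hit as a prompt to inspect the section, not as a verdict on its own.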
