General

  • Target

    a9a1a9af1b236e2e254baca78f8bfb3883060b5ac50c35fa63cfa3a6c840ad1bN.exe

  • Size

    120KB

  • Sample

    241219-zlndqazlgl

  • MD5

    9e5233f37a12ef01a5e6d5ce052ec3f0

  • SHA1

    b0d053b7f1f9277799c0c37c766e097a004df713

  • SHA256

    a9a1a9af1b236e2e254baca78f8bfb3883060b5ac50c35fa63cfa3a6c840ad1b

  • SHA512

    1325f5be443a5e40bd094e2aba7ec0741db072f31834cf045a893c8379d5db5ddf74df3c69d8cd35dab1a55f617f2e06b54e1fc0518a34640579585bfc8e7750

  • SSDEEP

    3072:CJ4TniKE35L+2AZJk+dUz8LTDBBWXSA9C2lW:CJun1i2Z0zqBBOSAfW

Malware Config

Extracted

  • Family

    sality

  • C2

    http://89.119.67.154/testo5/

    http://kukutrustnet777.info/home.gif

    http://kukutrustnet888.info/home.gif

    http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks