General

  • Target

    6d60c947ad6b3e320eb798a79cd370ad4a8134ef0e0a0129d583ca778f2b2c4bN.exe

  • Size

    120KB

  • Sample

    241219-zznlmszpep

  • MD5

    8f60ed2769e97f0a08d1fcc1afdf2460

  • SHA1

    db7bab678cd71b6c5878165dd26c66f052e31465

  • SHA256

    6d60c947ad6b3e320eb798a79cd370ad4a8134ef0e0a0129d583ca778f2b2c4b

  • SHA512

    8673122201aed1b90a709cc58c54abc97181d5a99ad138ea620ae6208e080f0ad32a5a9fa9d438e491f2c5fd1d023a4f05c3ee740dd615d5136b0a8f64660221

  • SSDEEP

    1536:OUs7Me5B3EjEY9ztekjDgFS+ecnW/9NACQ4YHmVfilRhbRoJgIpKdOo0:a7Me/E3z4wsF7gNnQ48mValDoEO

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks