General

  • Target

    3dac5c3f4684d1a7f131d8ce8dd232c54516fe664a87e05caa312c980f42385aN.exe

  • Size

    65KB

  • Sample

    241220-cnjrzswpfv

  • MD5

    60259aaefbe33c2a8ffc1bec0c3c8410

  • SHA1

    7eeeb656efbdd24a8b6b2ce813c58aef05509adf

  • SHA256

    3dac5c3f4684d1a7f131d8ce8dd232c54516fe664a87e05caa312c980f42385a

  • SHA512

    64a55d51cab8c685d80bb5620afea4cb209675d595b64108ed855e7ba2a6ea75101b904336dce20f07745e2d29366735f9a1c4963d0ad074521bb3002ddb168d

  • SSDEEP

    1536:psMID2hHc+AlDk4xPCvNUygQDbp9AbjWowBx2txy87hH2ha36Cm7:psY8+QfS2ygQvp9AXWooCy87hHW397

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
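The hashes in the General section and the four C2 URLs above are the report's usable indicators. The block below is an added example, not part of the sandbox report or the Sality sample: it turns those indicators into a small hunt, checking a file against the report's digests and scanning proxy log lines for either an exact C2 URL or a request to one of the C2 hosts on a different path. The log format and the log lines are constructed for the example; only the hashes and URLs come from the report.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report above: digests of the analysed sample and the
# C2 URLs extracted from the Sality config.
SAMPLE_HASHES = {
    "md5": "60259aaefbe33c2a8ffc1bec0c3c8410",
    "sha1": "7eeeb656efbdd24a8b6b2ce813c58aef05509adf",
    "sha256": "3dac5c3f4684d1a7f131d8ce8dd232c54516fe664a87e05caa312c980f42385a",
    "sha512": "64a55d51cab8c685d80bb5620afea4cb209675d595b64108ed855e7ba2a6ea75"
              "101b904336dce20f07745e2d29366735f9a1c4963d0ad074521bb3002ddb168d",
}
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def norm(url):
    """Reduce a URL to (lower-cased host, path); scheme, port, query and
    fragment are ignored so trivial variations still match."""
    p = urlsplit(url.strip())
    return (p.hostname or "").lower(), p.path or "/"


# Derived indicators: exact (host, path) pairs, plus the hosts on their own, so a
# beacon to another path on a known C2 host is still flagged (weaker match).
C2_PAIRS = {norm(u) for u in C2_URLS}
C2_HOSTS = {host for host, _ in C2_PAIRS}


def hashes_matching(data):
    """Return the names of the report's digests that this file content matches
    (empty list = not the analysed sample)."""
    return sorted(
        alg for alg, expected in SAMPLE_HASHES.items()
        if hashlib.new(alg, data).hexdigest() == expected
    )


def check_file(path):
    with open(path, "rb") as fh:
        return hashes_matching(fh.read())


def classify_url(url):
    """'url' for an exact C2 URL, 'host' for a C2 host on another path, else None."""
    host, path = norm(url)
    if (host, path) in C2_PAIRS:
        return "url"
    if host in C2_HOSTS:
        return "host"
    return None


# Constructed proxy log format for this example (not from the report):
# "<timestamp> <client_ip> <method> <url> <status>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_proxy_log(lines):
    """Yield one hit per log line whose requested URL matches a C2 indicator."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:          # malformed line: skip rather than crash the hunt
            continue
        kind = classify_url(m["url"])
        if kind:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "url": m["url"], "match": kind})
    return hits


# Constructed sample log lines (example data, not sandbox output).
SAMPLE_LOG = [
    "2024-12-20T10:00:01Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200",
    "2024-12-20T10:00:02Z 10.0.0.5 GET http://example.com/index.html 200",
    "2024-12-20T10:00:03Z 10.0.0.7 GET http://89.119.67.154/testo5/ 404",
    "2024-12-20T10:00:04Z 10.0.0.9 GET http://KUKUTRUSTNET987.INFO/other.bin 200",
    "not a log line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

A `host` hit on its own is weaker evidence than a `url` hit, since the report only vouches for the exact paths; treat it as a lead to pivot on, and confirm an actual infection with the file digests rather than the network indicator alone.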

Targets

    • Target

      3dac5c3f4684d1a7f131d8ce8dd232c54516fe664a87e05caa312c980f42385aN.exe

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks