General

  • Target

    b9660b106f127000d1a856cc57b05d8e90f80bab0f014262191e21d724cf5b4fN.exe

  • Size

    120KB

  • Sample

    241220-efl89azkek

  • MD5

    b5b470c2dff8b27a38604733c9c3ef50

  • SHA1

    c79bbead38360d3e013d1e665a86c6efb2bbaadc

  • SHA256

    b9660b106f127000d1a856cc57b05d8e90f80bab0f014262191e21d724cf5b4f

  • SHA512

    b2908f86fd71d667e7d812f9a3d4733d9ad75e13e4f1d73579848bcd1f0bdfee91c055b1f51204ddd7d2183ba2e49462b96da3ac74d5f577f2e53f6d897a6975

  • SSDEEP

    1536:wdItgk5pFOVbCVU6LMoFiGLpwpzl5dUzANHGVYbRjN7iEEki8PKzSumcAI:cUfYIV/7KPUzANT7iEE78PKzdpZ

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
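
The report hands a responder two kinds of indicators: the file digests above and the C2 URLs extracted from the Sality config. As an added example (not part of the sandbox report, and not tooling from the sandbox vendor), the Python below turns both into a small triage script: it checks a candidate file against all four digests at once, splits the C2 URLs into host and host+path indicators, and hunts them in Squid-style proxy log lines. The log format and the sample log lines are constructed for the example; the hash values and URLs are copied verbatim from the report.

```python
"""Triage helpers for the indicators in this report.

Added example, not part of the sandbox report. The proxy log format and
the sample lines are constructed; hashes and C2 URLs are from the report.
"""
import hashlib
from urllib.parse import urlparse

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "b5b470c2dff8b27a38604733c9c3ef50",
    "sha1": "c79bbead38360d3e013d1e665a86c6efb2bbaadc",
    "sha256": "b9660b106f127000d1a856cc57b05d8e90f80bab0f014262191e21d724cf5b4f",
    "sha512": ("b2908f86fd71d667e7d812f9a3d4733d9ad75e13e4f1d73579848bcd1f0bdfee"
               "91c055b1f51204ddd7d2183ba2e49462b96da3ac74d5f577f2e53f6d897a6975"),
}

# C2 URLs copied from the report's extracted Sality config.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed Squid access.log-style lines (not real traffic):
# <ts> <elapsed> <client> <code> <bytes> <method> <url> <user> <hier> <type>
SAMPLE_PROXY_LOG = [
    "1734700000.123 45 10.0.0.12 TCP_MISS/200 512 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.5 image/gif",
    "1734700001.456 30 10.0.0.12 TCP_MISS/200 1024 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1734700002.789 12 10.0.0.33 TCP_MISS/404 300 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
    "1734700003.000 20 10.0.0.33 TCP_MISS/200 300 GET http://kukutrustnet888.info/other.bin - HIER_DIRECT/203.0.113.6 application/octet-stream",
]


def hash_file_bytes(data: bytes) -> dict:
    """Compute every digest the report lists so they can be compared together."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report. A genuine copy of the
    sample matches on all four; any single mismatch means a different file."""
    computed = hash_file_bytes(data)
    return {alg: computed[alg] == REPORT_HASHES[alg] for alg in REPORT_HASHES}


def c2_indicators(urls) -> dict:
    """Split C2 URLs into bare hosts and (host, path) pairs. The host is the
    robust indicator; the path only strengthens a hit, since the operator can
    change the resource name without changing the infrastructure."""
    hosts, paths = set(), set()
    for url in urls:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        hosts.add(host)
        paths.add((host, parsed.path))
    return {"hosts": hosts, "paths": paths}


def scan_proxy_log(lines, urls=C2_URLS) -> list:
    """Return (line_number, host, reason) for each proxy log line whose
    requested URL touches a C2 host. The URL is assumed to be field 7 of a
    whitespace-separated Squid-style line (assumption for this example)."""
    indicators = c2_indicators(urls)
    hits = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line; skip rather than guess
        parsed = urlparse(fields[6])
        host = (parsed.hostname or "").lower()
        if host in indicators["hosts"]:
            reason = "host+path" if (host, parsed.path) in indicators["paths"] else "host"
            hits.append((number, host, reason))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("C2 contact on line %d: %s (%s)" % hit)
    with open(__file__, "rb") as fh:  # any local file; this script is not the sample
        print("matches report:", matches_report(fh.read()))
```

Matching on the host rather than the full URL is deliberate: the report shows the same `home.gif` resource on three different domains, so the infrastructure, not the filename, is the stable indicator. A hit flagged `host` alone still warrants a look at the client, since a different path on a known C2 host is more likely a config variant than a coincidence.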

Targets

    • Target

      b9660b106f127000d1a856cc57b05d8e90f80bab0f014262191e21d724cf5b4fN.exe

    • Size

      120KB

    • MD5

      b5b470c2dff8b27a38604733c9c3ef50

    • SHA1

      c79bbead38360d3e013d1e665a86c6efb2bbaadc

    • SHA256

      b9660b106f127000d1a856cc57b05d8e90f80bab0f014262191e21d724cf5b4f

    • SHA512

      b2908f86fd71d667e7d812f9a3d4733d9ad75e13e4f1d73579848bcd1f0bdfee91c055b1f51204ddd7d2183ba2e49462b96da3ac74d5f577f2e53f6d897a6975

    • SSDEEP

      1536:wdItgk5pFOVbCVU6LMoFiGLpwpzl5dUzANHGVYbRjN7iEEki8PKzSumcAI:cUfYIV/7KPUzANT7iEE78PKzdpZ

    • Modifies firewall policy service

    • Sality

      Sality is a polymorphic file infector with backdoor capability, written in C++ and first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

MITRE ATT&CK Enterprise v15
