General

  • Target

    e3e2664e1c95fd974fc1713117229334d0b510e9c7cc7c5094d08efee530606c

  • Size

    5.0MB

  • Sample

    241220-jacj3stjby

  • MD5

    48f5cb70cd31753680006ac88ebf79cd

  • SHA1

    f34394275c3b793252003b4c726a8d33d0eba70e

  • SHA256

    e3e2664e1c95fd974fc1713117229334d0b510e9c7cc7c5094d08efee530606c

  • SHA512

    4bd15b5f362c0b16d9c4aa4f2eb870fd92bb48b0ac68727bf84055991fc5e192614bdb235f3dd1678ca0f2bbbb80042c3012908c1ada7db5fe64dbbeb5498d3a

  • SSDEEP

    49152:M8808Nj/P3CRggLTjlzin2Q6ZeCCF4+ITov6g7apCW9kf6LuoCrhyVCvPXZLWgnN:6bNj/vC2Qhi4JT+cI9y5kXZLTW9o

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      e3e2664e1c95fd974fc1713117229334d0b510e9c7cc7c5094d08efee530606c

    • Size

      5.0MB

    • MD5

      48f5cb70cd31753680006ac88ebf79cd

    • SHA1

      f34394275c3b793252003b4c726a8d33d0eba70e

    • SHA256

      e3e2664e1c95fd974fc1713117229334d0b510e9c7cc7c5094d08efee530606c

    • SHA512

      4bd15b5f362c0b16d9c4aa4f2eb870fd92bb48b0ac68727bf84055991fc5e192614bdb235f3dd1678ca0f2bbbb80042c3012908c1ada7db5fe64dbbeb5498d3a

    • SSDEEP

      49152:M8808Nj/P3CRggLTjlzin2Q6ZeCCF4+ITov6g7apCW9kf6LuoCrhyVCvPXZLWgnN:6bNj/vC2Qhi4JT+cI9y5kXZLTW9o

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks
