General

  • Target

    e8c60df9bf657535b0cce87a0cd8bb3360d711f4b8061def4f2d38bebbb02f0f

  • Size

    120KB

  • Sample

    241220-klfasatphv

  • MD5

    3968cc0695a2a192ed232743e600ed8f

  • SHA1

    4a439902109785f763cd9782e31031465403cc22

  • SHA256

    e8c60df9bf657535b0cce87a0cd8bb3360d711f4b8061def4f2d38bebbb02f0f

  • SHA512

    1506af71dc5684bef4702af9e39f022dd34f8b0d680065315677fa0b2455e1cc47734c648b8260b4d335280a732fb64d6c1d7142348acf59da9552765e8ac7cc

  • SSDEEP

    3072:JJm8Ur/oHKz11V5Kayt3qaCGlQQPLvcWdHD7WQMno0:JsrAHKD8t3LlHLvHHR0

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      e8c60df9bf657535b0cce87a0cd8bb3360d711f4b8061def4f2d38bebbb02f0f

    • Size

      120KB

    • MD5

      3968cc0695a2a192ed232743e600ed8f

    • SHA1

      4a439902109785f763cd9782e31031465403cc22

    • SHA256

      e8c60df9bf657535b0cce87a0cd8bb3360d711f4b8061def4f2d38bebbb02f0f

    • SHA512

      1506af71dc5684bef4702af9e39f022dd34f8b0d680065315677fa0b2455e1cc47734c648b8260b4d335280a732fb64d6c1d7142348acf59da9552765e8ac7cc

    • SSDEEP

      3072:JJm8Ur/oHKz11V5Kayt3qaCGlQQPLvcWdHD7WQMno0:JsrAHKD8t3LlHLvHHR0

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks