General

  • Target

    65901adbb7289cb2a60c2d2adcfb6167c58b0cdcacd31fd25e4198842039f712N.exe

  • Size

    120KB

  • Sample

    241222-pw6ypsypel

  • MD5

    c8dcc05346af66afd3d3df4e8007a9b0

  • SHA1

    3085f84eef8302d5591b4e3a8b3e2eca4a70fb21

  • SHA256

    65901adbb7289cb2a60c2d2adcfb6167c58b0cdcacd31fd25e4198842039f712

  • SHA512

    595215e96ce928a33c6de29506437635a5e8bc9dc06123f6f82564d782aea0f947759daa7a49c402220c1820b009db7c343c446e02568fc9eaefc68260473ec8

  • SSDEEP

    3072:FHPtxi7j/vjfNslYBYa8c+9nZDZ4JUyZ59urcJ3K:Rbi7rjfjBYDvZDyJUEmQ

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      65901adbb7289cb2a60c2d2adcfb6167c58b0cdcacd31fd25e4198842039f712N.exe

    • Size

      120KB

    • MD5

      c8dcc05346af66afd3d3df4e8007a9b0

    • SHA1

      3085f84eef8302d5591b4e3a8b3e2eca4a70fb21

    • SHA256

      65901adbb7289cb2a60c2d2adcfb6167c58b0cdcacd31fd25e4198842039f712

    • SHA512

      595215e96ce928a33c6de29506437635a5e8bc9dc06123f6f82564d782aea0f947759daa7a49c402220c1820b009db7c343c446e02568fc9eaefc68260473ec8

    • SSDEEP

      3072:FHPtxi7j/vjfNslYBYa8c+9nZDZ4JUyZ59urcJ3K:Rbi7rjfjBYDvZDyJUEmQ

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks
