General

  • Target

    678aa3def89313b2cc54db583fbc3e78f8defde20fea7a1f819ed8d54be5d992.exe

  • Size

    120KB

  • Sample

    241222-q3vppa1jgj

  • MD5

    8110b6d591402fbd4a3db406b67d6a92

  • SHA1

    b283410dad0aa1724261b6d6e68ffab0d264fc92

  • SHA256

    678aa3def89313b2cc54db583fbc3e78f8defde20fea7a1f819ed8d54be5d992

  • SHA512

    121665158f89fbda9b421275720f647cf85da34d81c6ec17d2730bf32c231046f51b2137a7ea8bb5608c145e06780b8b59a01bba2d1146aebb39f658056855dc

  • SSDEEP

    1536:48mBsobH7Py8kFWQPbg09WkAniKUqJUnmcfEv/yh17qV+pIQcl0VmZPSVp:4XsZNFW+gcWqqJ4sCn7qsIZ/ZqX

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
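The extracted C2 list is most useful as a hunting query. The following added example (written for this page, not tooling from the sandbox or the malware author) indexes the four URLs above by host and path and runs them over constructed Squid-style proxy log lines; the log lines, client addresses and timestamps are made up for the demonstration. Hosts are compared case-insensitively, and a hit on a known host with an unexpected path is still reported, since the path is the least stable part of the indicator. The `kukutrustnet\d{3}\.info` pattern is an analyst heuristic for sibling hosts that is not part of the extracted config.

```python
import re
from urllib.parse import urlparse

# C2 URLs copied from the extracted Sality config on this page.
SALITY_C2 = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Heuristic (assumption, not from the config): the three domains differ only in a
# three-digit suffix, so look for other hosts in the same family.
SIBLING_HOST_RE = re.compile(r"^kukutrustnet\d{3}\.info$")

# Squid access.log layout: ts elapsed client action/code size method url ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def c2_index(urls):
    """Map each C2 host (lowercased) to the set of paths seen for it."""
    index = {}
    for u in urls:
        p = urlparse(u)
        index.setdefault((p.hostname or "").lower(), set()).add(p.path)
    return index


def match_line(line, index):
    """Return a hit record for a log line that touches a C2 host, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    p = urlparse(m.group("url"))
    host = (p.hostname or "").lower()
    if host in index:
        kind = "config"
    elif SIBLING_HOST_RE.match(host):
        kind = "sibling"
    else:
        return None
    return {
        "ts": m.group("ts"),
        "client": m.group("client"),
        "host": host,
        "path": p.path,
        "kind": kind,
        # True only when the path also matches the extracted config exactly.
        "exact_path": p.path in index.get(host, set()),
    }


def scan(lines, urls=SALITY_C2):
    """Run every line through the matcher and keep the hits."""
    index = c2_index(urls)
    return [h for h in (match_line(l, index) for l in lines) if h]


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "1734883200.123    45 10.0.0.15 TCP_MISS/200 1024 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.5 image/gif",
    "1734883201.456    12 10.0.0.15 TCP_MISS/404 512 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
    "1734883202.789    30 10.0.0.22 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1734883203.000    10 10.0.0.15 TCP_MISS/200 300 GET http://KUKUTRUSTNET888.INFO/other.gif - HIER_DIRECT/203.0.113.6 image/gif",
    "1734883204.500    11 10.0.0.31 TCP_MISS/200 300 GET http://kukutrustnet123.info/home.gif - HIER_DIRECT/203.0.113.7 image/gif",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching on host rather than full URL is deliberate: Sality samples poll a small set of hosts, and a 404 from the C2 (as in the second constructed line) is still a sighting worth escalating.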

Targets

    • Target

      678aa3def89313b2cc54db583fbc3e78f8defde20fea7a1f819ed8d54be5d992.exe

    • Size

      120KB

    • MD5

      8110b6d591402fbd4a3db406b67d6a92

    • SHA1

      b283410dad0aa1724261b6d6e68ffab0d264fc92

    • SHA256

      678aa3def89313b2cc54db583fbc3e78f8defde20fea7a1f819ed8d54be5d992

    • SHA512

      121665158f89fbda9b421275720f647cf85da34d81c6ec17d2730bf32c231046f51b2137a7ea8bb5608c145e06780b8b59a01bba2d1146aebb39f658056855dc

    • SSDEEP

      1536:48mBsobH7Py8kFWQPbg09WkAniKUqJUnmcfEv/yh17qV+pIQcl0VmZPSVp:4XsZNFW+gcWqqJ4sCn7qsIZ/ZqX

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003. It is also a file infector that appends itself to other executables on local and attached drives, which is the reason for the drive enumeration listed below.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX, including builds of the open-source UPX packer that have been modified so that stock `upx -d` no longer unpacks them.
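The signature above fires on name and marker strings, but a modified UPX build commonly renames the `UPX0`/`UPX1` sections and strips the `UPX!` marker. The following added example (written for this page, not the sandbox's detector) parses the PE section table from raw bytes and reports three independent signals: the section names, the `UPX!` marker, and the structural layout UPX always produces (an empty first section with a large virtual size that receives the decompressed image, followed by a section holding the compressed payload). The PE images it checks are constructed in memory with `struct` for the demonstration; they are not the sample from this report.

```python
import struct

# IMAGE_SECTION_HEADER is 40 bytes: Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics.
SECTION_FMT = "<8sIIIIIIHHI"


def build_pe(sections, trailer=b""):
    """Construct a minimal PE32 image (test data only, not a runnable binary).

    sections: list of (name, virtual_size, virtual_addr, raw_size, raw_ptr, characteristics).
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> PE header at 0x40
    opt_size = 0xE0                                   # size of PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    table = b"".join(
        struct.pack(SECTION_FMT, name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
        for name, vsize, vaddr, rawsize, rawptr, chars in sections
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + trailer


def parse_sections(data):
    """Walk the section table of a PE file and return one dict per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table_off = pe_off + 4 + 20 + opt_size            # signature + COFF header + optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table_off + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr,
        })
    return sections


def upx_signals(data):
    """Return the list of UPX indicators present; empty list means nothing found."""
    secs = parse_sections(data)
    signals = []
    if any(s["name"].startswith("UPX") for s in secs):
        signals.append("section-names")
    if b"UPX!" in data:
        signals.append("marker")
    # Layout check survives renamed sections and a stripped marker: UPX0 has no raw
    # bytes on disk but reserves the unpacked image, UPX1 carries the compressed data.
    if (len(secs) >= 2 and secs[0]["rawsize"] == 0 and secs[0]["vsize"] >= 0x1000
            and secs[1]["rawsize"] > 0):
        signals.append("layout")
    return signals


# Constructed inputs (assumptions for the demonstration, not the report's sample).
EXEC_RW = 0xE0000080   # code|initialized data|exec|read|write, typical of UPX sections
STOCK_UPX = build_pe([
    (b"UPX0", 0x20000, 0x1000, 0, 0x400, EXEC_RW),
    (b"UPX1", 0x8000, 0x21000, 0x7800, 0x400, EXEC_RW),
    (b".rsrc", 0x1000, 0x29000, 0x800, 0x7C00, 0x40000040),
], trailer=b"UPX!\x0d\x09\x02\x0a")
MODIFIED_UPX = build_pe([               # names changed, marker removed, layout intact
    (b".text", 0x20000, 0x1000, 0, 0x400, EXEC_RW),
    (b".data", 0x8000, 0x21000, 0x7800, 0x400, EXEC_RW),
    (b".rsrc", 0x1000, 0x29000, 0x800, 0x7C00, 0x40000040),
])
PLAIN_PE = build_pe([
    (b".text", 0x5000, 0x1000, 0x5000, 0x400, 0x60000020),
    (b".data", 0x1000, 0x6000, 0x200, 0x5400, 0xC0000040),
])

if __name__ == "__main__":
    for label, img in (("stock", STOCK_UPX), ("modified", MODIFIED_UPX), ("plain", PLAIN_PE)):
        print(label, upx_signals(img))
```

Treat the three signals as corroborating rather than equivalent: a name or marker hit alone is trivially forged, while the layout hit without the other two is the usual fingerprint of a modified packer and tells you that unpacking will need a dump at the original entry point rather than `upx -d`.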

MITRE ATT&CK Enterprise v15

Tasks