General

  • Target

    678aa3def89313b2cc54db583fbc3e78f8defde20fea7a1f819ed8d54be5d992.exe

  • Size

    120KB

  • Sample

    241222-q8hbjs1kfq

  • MD5

    8110b6d591402fbd4a3db406b67d6a92

  • SHA1

    b283410dad0aa1724261b6d6e68ffab0d264fc92

  • SHA256

    678aa3def89313b2cc54db583fbc3e78f8defde20fea7a1f819ed8d54be5d992

  • SHA512

    121665158f89fbda9b421275720f647cf85da34d81c6ec17d2730bf32c231046f51b2137a7ea8bb5608c145e06780b8b59a01bba2d1146aebb39f658056855dc

  • SSDEEP

    1536:48mBsobH7Py8kFWQPbg09WkAniKUqJUnmcfEv/yh17qV+pIQcl0VmZPSVp:4XsZNFW+gcWqqJ4sCn7qsIZ/ZqX

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      678aa3def89313b2cc54db583fbc3e78f8defde20fea7a1f819ed8d54be5d992.exe

    • Size

      120KB

    • MD5

      8110b6d591402fbd4a3db406b67d6a92

    • SHA1

      b283410dad0aa1724261b6d6e68ffab0d264fc92

    • SHA256

      678aa3def89313b2cc54db583fbc3e78f8defde20fea7a1f819ed8d54be5d992

    • SHA512

      121665158f89fbda9b421275720f647cf85da34d81c6ec17d2730bf32c231046f51b2137a7ea8bb5608c145e06780b8b59a01bba2d1146aebb39f658056855dc

    • SSDEEP

      1536:48mBsobH7Py8kFWQPbg09WkAniKUqJUnmcfEv/yh17qV+pIQcl0VmZPSVp:4XsZNFW+gcWqqJ4sCn7qsIZ/ZqX

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.