General

  • Target

    fa73085ab18b3c1878366c12734c1dc31f0f6b5b404d18f8a702659ffed3aebd.exe

  • Size

    624KB

  • Sample

    241222-t7sbxatmax

  • MD5

    ef7f6311e29192dff8699df2780477b7

  • SHA1

    982133187b07f58c91c4eeb9e8f1b1edaf7bdc84

  • SHA256

    fa73085ab18b3c1878366c12734c1dc31f0f6b5b404d18f8a702659ffed3aebd

  • SHA512

    824fedaa0ed21c68acd0a3dc63c1f93ed7d2776b9f0fa746f0a0902d4e160780688a956b055fb9e6ff1100b7133ab12b98312cb4945b566c391c1919a8b20202

  • SSDEEP

    12288:8hpUrEIZJqr1AkBWwNa5R0EYl795/amaX3QXaPKUVrCsB9ks:8/jG01NHXaPlCs1

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Ramnit

      Ramnit is a versatile family that includes viruses, worms, and Trojans.

    • Ramnit family

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks