General

  • Target

    c6ce6cf97d1ecf60c54b5b3c5e14ed1d0aa6f0e167174d9a1c5d2ff5e299946e.exe

  • Size

    65KB

  • Sample

    241225-2egzgazrek

  • MD5

    6627f450a7f0f5fd4e238e559d7d23d4

  • SHA1

    4368fec49d9ba49289be3b3a656e9ad04398dce2

  • SHA256

    c6ce6cf97d1ecf60c54b5b3c5e14ed1d0aa6f0e167174d9a1c5d2ff5e299946e

  • SHA512

    d9589dd2cdef060869ce3b51ba75c9b93217e8f91822e2737d7eb49e813e8fef06e7ca54b4dc56a0a2b7dadbf6186106dbd12727a80dbaedb95966d95a5d28e2

  • SSDEEP

    1536:Idviy3vkryky/IFNZURD1YMJP2JH/Wd6ovCz1R6Qgn0iAs:GviZryCFI11Y8g6vCz1vxiAs

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      c6ce6cf97d1ecf60c54b5b3c5e14ed1d0aa6f0e167174d9a1c5d2ff5e299946e.exe

    • Size

      65KB

    • MD5

      6627f450a7f0f5fd4e238e559d7d23d4

    • SHA1

      4368fec49d9ba49289be3b3a656e9ad04398dce2

    • SHA256

      c6ce6cf97d1ecf60c54b5b3c5e14ed1d0aa6f0e167174d9a1c5d2ff5e299946e

    • SHA512

      d9589dd2cdef060869ce3b51ba75c9b93217e8f91822e2737d7eb49e813e8fef06e7ca54b4dc56a0a2b7dadbf6186106dbd12727a80dbaedb95966d95a5d28e2

    • SSDEEP

      1536:Idviy3vkryky/IFNZURD1YMJP2JH/Wd6ovCz1R6Qgn0iAs:GviZryCFI11Y8g6vCz1vxiAs

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks