General

  • Target

    2024-12-25_d4adae0d99e39f51d8af670c7f739030_bkransomware_hawkeye

  • Size

    520KB

  • Sample

    241225-yascvsvlep

  • MD5

    d4adae0d99e39f51d8af670c7f739030

  • SHA1

    1df18b5fa851d3c5215493daecb770533430d389

  • SHA256

    a5fac9b0d186dbe1d613e39f548433ba6dd59e11520c3397bc97e85ae2a42c87

  • SHA512

    b3b01142ab5aae000a60e1eb0253ce085d21f8dd7997082fc5a6051683c9acfa90125df1fc4fa6c873d1dd4c2bca280a9340155cc43b3a91a311e187935a2ad4

  • SSDEEP

    6144:xoyZmTAsfJFakxaLjcMkc0Cax1PSGp6bYA0w601+dNT9/0626ASkVOAFhe6SK2uN:xoyIJsMPrPTp6bYboEdN0mjubcV8

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      2024-12-25_d4adae0d99e39f51d8af670c7f739030_bkransomware_hawkeye

    • Size

      520KB

    • MD5

      d4adae0d99e39f51d8af670c7f739030

    • SHA1

      1df18b5fa851d3c5215493daecb770533430d389

    • SHA256

      a5fac9b0d186dbe1d613e39f548433ba6dd59e11520c3397bc97e85ae2a42c87

    • SHA512

      b3b01142ab5aae000a60e1eb0253ce085d21f8dd7997082fc5a6051683c9acfa90125df1fc4fa6c873d1dd4c2bca280a9340155cc43b3a91a311e187935a2ad4

    • SSDEEP

      6144:xoyZmTAsfJFakxaLjcMkc0Cax1PSGp6bYA0w601+dNT9/0626ASkVOAFhe6SK2uN:xoyIJsMPrPTp6bYboEdN0mjubcV8

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks