General

  • Target

    bcbc93edf19f723522e00ebe949ade0392a0327d7406f3f33236aead9f264462

  • Size

    97KB

  • Sample

    241228-cp5e3stpat

  • MD5

    bdc2b1e614d524b549bc605d7edc508d

  • SHA1

    cdfc339cb00bc5fcfe37a0b6b6e796f33c874d41

  • SHA256

    bcbc93edf19f723522e00ebe949ade0392a0327d7406f3f33236aead9f264462

  • SHA512

    9453a87cd700611ba43594ed4768522060d8e67e9bdfa7a0d77ec5cee5c98eb6a11bc12e57975a3b16e02296dc1c533c9f7dee8ba75aec0ec71fdfdcda947721

  • SSDEEP

    1536:TM9gqKjL/kBx8vvUkKT7PGvnpIXNhXik5Ym4oj4jcfrarU2w2VUXug:TM9gvbkBkMkKUpsNhrYCj4AfV2w2VU

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks