General

  • Target

    a2d16f11a22c3cd7ba1f8216c3c64f21c2ac1c2181a1b583dc4fc627fff1d463.exe

  • Size

    120KB

  • Sample

    241231-g2x9ra1rhx

  • MD5

    28d1cbaf7e0e6c26169681a49db9d1ce

  • SHA1

    f3066f472e0315e64bd7b18c531c4aabad19398d

  • SHA256

    a2d16f11a22c3cd7ba1f8216c3c64f21c2ac1c2181a1b583dc4fc627fff1d463

  • SHA512

    a4efc29ef4767fba9661bae165de1a374d870cc1b00ef557f410eafd3c9f742ceb4db8bb817035d4a316b30eb164ecf7def1c667b796bebe8ac60c64ea979feb

  • SSDEEP

    3072:sIPmmCgC0uKEs54ATE+tdgmEGs1bLdhLe:sIPmmluKEK4A3dgRP1bLdE

Malware Config (Extracted)

  • Family

    sality

  • C2

    http://89.119.67.154/testo5/

    http://kukutrustnet777.info/home.gif

    http://kukutrustnet888.info/home.gif

    http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15
