General

  • Target

    a635801a7936fd18c60ca594c5147f0ea80b886432d8f4ee42024e1b2fc9075c.exe

  • Size

    120KB

  • Sample

    250108-h1njlazjax

  • MD5

    d2265988dfb4dedf1506075991ac1ab1

  • SHA1

    03dd08f7440bca12bb1f738e12429c85395fbb6c

  • SHA256

    a635801a7936fd18c60ca594c5147f0ea80b886432d8f4ee42024e1b2fc9075c

  • SHA512

    3e454c1b1a68fa22a62be1cd15b7df360e6e3a4e92ee748310a2b89d1f84e4cece7e50029d0e3fe5e0b43ca1acfe03507c06ce8742a25f0f6aab7b06bf6b00e1

  • SSDEEP

    3072:ZUoX+8YXAsgA0NF4qbTQS+pZvCNe8bRhiR:BXpsWhMS+TvCNeQG

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks