General

  • Target

    b3b3014eb1f8a99fbc18efaaf732a0b8276657148cf49b721f3c00983f81db84

  • Size

    120KB

  • Sample

    250108-hmqf2aymfz

  • MD5

    49161caff8c5ad6d965c7a0b1a33f5f0

  • SHA1

    5d23341d7adb9d1c237aab9dd3a8dddf91b454fb

  • SHA256

    b3b3014eb1f8a99fbc18efaaf732a0b8276657148cf49b721f3c00983f81db84

  • SHA512

    8cf2c9cd55e1fc86b461c15dea3807f3cd547c5cde6f283d5bace5817a9f4aa9c8470f8373d562b23a50ce3df8d7b57353741ef1309d769e573162c2b6620854

  • SSDEEP

    1536:E3ZuT+Q/YpsNboOpfD1H2TDxBoUMrw0vF80vUZCYooWwx1/wF:EJFDp62TDLoIwF3vU8Yoov

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks