General

  • Target

    e22a522c24787762f379b44c2849fac03b64a6579dd1bee2ea488cd299aa342cN.exe

  • Size

    120KB

  • Sample

    250108-hsnjma1nfn

  • MD5

    01dace3784066009179cd03c6ba35d50

  • SHA1

    b53de9e894a741bbf41b6c01ff5d4119c10147cf

  • SHA256

    e22a522c24787762f379b44c2849fac03b64a6579dd1bee2ea488cd299aa342c

  • SHA512

    43eba23b75c6b085914a6ced1da3882d16266080f2f5f1909679aceeef6294bdf9c5f6fcfb424e8264043110a820e578670635b69da220fc5acb37d1ecfff3f9

  • SSDEEP

    3072:icwLFX5dPOHTaXfG9JuxoV9ZInZbWCCj:KFX54HTaX8JBV9+ZbfC

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      e22a522c24787762f379b44c2849fac03b64a6579dd1bee2ea488cd299aa342cN.exe

    • Size

      120KB

    • MD5

      01dace3784066009179cd03c6ba35d50

    • SHA1

      b53de9e894a741bbf41b6c01ff5d4119c10147cf

    • SHA256

      e22a522c24787762f379b44c2849fac03b64a6579dd1bee2ea488cd299aa342c

    • SHA512

      43eba23b75c6b085914a6ced1da3882d16266080f2f5f1909679aceeef6294bdf9c5f6fcfb424e8264043110a820e578670635b69da220fc5acb37d1ecfff3f9

    • SSDEEP

      3072:icwLFX5dPOHTaXfG9JuxoV9ZInZbWCCj:KFX54HTaX8JBV9+ZbfC

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks