General

  • Target

    02084f8451a04b784001637f0d1b1691bcc050ea28a407a79fe215473c0cfbecN.exe

  • Size

    120KB

  • Sample

    250108-jabmsaskhp

  • MD5

    c2659b93bb2a2949926f76a7b927d0e0

  • SHA1

    ae26ffdeae0323cef95214b1fea0dacfa679f098

  • SHA256

    02084f8451a04b784001637f0d1b1691bcc050ea28a407a79fe215473c0cfbec

  • SHA512

    da4ca8b6d08a65be8c6b40c2895e2993420a7dff137ba5ee51dcfb5ff5c701423786ccb58d3e5ceda7de0f5de958a1002399ead2cb70b940d634bcccb75b2920

  • SSDEEP

    1536:eIG/ndqWqk90JLLkBJD8cOI18xPVFPhwz/2Ib5eQMMpWwj3q6lJwQr2w:eIeqfCJDj8xP/yL2Ib5btpWgRPwax

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      02084f8451a04b784001637f0d1b1691bcc050ea28a407a79fe215473c0cfbecN.exe

    • Size

      120KB

    • MD5

      c2659b93bb2a2949926f76a7b927d0e0

    • SHA1

      ae26ffdeae0323cef95214b1fea0dacfa679f098

    • SHA256

      02084f8451a04b784001637f0d1b1691bcc050ea28a407a79fe215473c0cfbec

    • SHA512

      da4ca8b6d08a65be8c6b40c2895e2993420a7dff137ba5ee51dcfb5ff5c701423786ccb58d3e5ceda7de0f5de958a1002399ead2cb70b940d634bcccb75b2920

    • SSDEEP

      1536:eIG/ndqWqk90JLLkBJD8cOI18xPVFPhwz/2Ib5eQMMpWwj3q6lJwQr2w:eIeqfCJDj8xP/yL2Ib5btpWgRPwax

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks