General

  • Target

    982e70455b1323e96ed4e4a2043e3120895282ed2f0ad3af850efe98b90103e3.exe

  • Size

    2.6MB

  • Sample

    250201-y2jj2aylcv

  • MD5

    abe1f9b4c118b72b56ef1eecb21742c6

  • SHA1

    ec132034b246f6753454b34fa902a9c0cf8eaf9d

  • SHA256

    982e70455b1323e96ed4e4a2043e3120895282ed2f0ad3af850efe98b90103e3

  • SHA512

    cea4747103bc470ff305ea3a220bbfa1066368b1fb9e0c8ca860822bcea211a0642efa99ba8f2ef6348b0f3fbf1d0beca882c91df2f1b888db8aa73042fabb00

  • SSDEEP

    24576:jDQvrW2goWlpCCZQ59lbydQnKPE/0ZEEm1IcEcGp9XodFP0ZwGsXHoMHp:j4rWJorCZQZUOK40+XaC+Z/fMJ

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

    • Target

      982e70455b1323e96ed4e4a2043e3120895282ed2f0ad3af850efe98b90103e3.exe

    • Size

      2.6MB

    • MD5

      abe1f9b4c118b72b56ef1eecb21742c6

    • SHA1

      ec132034b246f6753454b34fa902a9c0cf8eaf9d

    • SHA256

      982e70455b1323e96ed4e4a2043e3120895282ed2f0ad3af850efe98b90103e3

    • SHA512

      cea4747103bc470ff305ea3a220bbfa1066368b1fb9e0c8ca860822bcea211a0642efa99ba8f2ef6348b0f3fbf1d0beca882c91df2f1b888db8aa73042fabb00

    • SSDEEP

      24576:jDQvrW2goWlpCCZQ59lbydQnKPE/0ZEEm1IcEcGp9XodFP0ZwGsXHoMHp:j4rWJorCZQZUOK40+XaC+Z/fMJ

    • Detect Neshta payload

    • Modifies firewall policy service

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Neshta family

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks