General

  • Target

    ce958e0fed577192e6d4a5ed1985acfe87e40b7c1527e7d6c93d745edde254a3.exe

  • Size

    263KB

  • Sample

    250317-edefmay1hv

  • MD5

    d99f84dbc10c1bdf979d330a092dc046

  • SHA1

    553a7afd08be4fb8880e9c7d0065e1fce3645f38

  • SHA256

    ce958e0fed577192e6d4a5ed1985acfe87e40b7c1527e7d6c93d745edde254a3

  • SHA512

    a82b0fcad2e3672ee80e8397248bd5c6e73ab816eebed663bbf29f049a73cd8f3b86f3a01fc018f467db06275f4fed2ba857cb5dfed415f683f80ae69de342fb

  • SSDEEP

    3072:3nlVICUkLrGGTINTBfkIBaTMRWpodlTcEc25u5kD6kFvnb9:3nXMkx8NTBcBT+dl4EfuSDRFp

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • Windows security bypass

    • Downloads MZ/PE file

    • Deletes itself

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks