General

  • Target

    2025-05-25_26e97bd537fe58997a5b53e836dd8bfc_black-basta_elex

  • Size

    3.7MB

  • Sample

    250525-p6bkjstscw

  • MD5

    26e97bd537fe58997a5b53e836dd8bfc

  • SHA1

    94ad155ccbfe52e47694cb6f90354df804d84dbf

  • SHA256

    0ca92301aaeb4f9ac2406ff00d568607083154612ce66b11440889fe47b86532

  • SHA512

    bc5f1e0c63f43b977ef020f4c1a6d17191e1edfaec3269c7d4e0368b80e83e4c9e80b7790a42e2d7bfd9f5ae5647560a9accf48118866c599e4276c8884e446b

  • SSDEEP

    98304:dAeZjOBfKvX7EedFY/G6Ym6g6N/JLUk2qs658OR3r:dxZZPIYY/G6H6g6NBLUko6uOR3r

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Deletes itself

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16