General
-
Target
118a3e383371da420452783f4bc596ac0568e788f2f2f5fd7d2db258d47ee164
-
Size
180KB
-
Sample
220604-dewwmafag2
-
MD5
4c3577af7d632b2359b08d51d5d870cd
-
SHA1
92307d07b77c4405ea6e8c5ca66675ff672744dc
-
SHA256
118a3e383371da420452783f4bc596ac0568e788f2f2f5fd7d2db258d47ee164
-
SHA512
f1c45af6babcad03e34451870b4ef583f755cc94792fdf9f0c97e3afbf0a3a7e4861746d803450fad7de92a7b3ad3c320b261b3879dfb16e86a250b374904ccf
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
118a3e383371da420452783f4bc596ac0568e788f2f2f5fd7d2db258d47ee164
-
Size
180KB
-
MD5
4c3577af7d632b2359b08d51d5d870cd
-
SHA1
92307d07b77c4405ea6e8c5ca66675ff672744dc
-
SHA256
118a3e383371da420452783f4bc596ac0568e788f2f2f5fd7d2db258d47ee164
-
SHA512
f1c45af6babcad03e34451870b4ef583f755cc94792fdf9f0c97e3afbf0a3a7e4861746d803450fad7de92a7b3ad3c320b261b3879dfb16e86a250b374904ccf
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Windows security modification
-
Checks whether UAC is enabled
-