General
-
Target
11790cd5b5de6fba9a1fa8cba0615ef0a720f13eddb45ec77c3e0bf356a12b99
-
Size
204KB
-
Sample
220604-eedwgshba6
-
MD5
ade87a435fc63a4b9efd65b7ace79367
-
SHA1
896a98d930dd0df883e833e9e984f3f669b025ca
-
SHA256
11790cd5b5de6fba9a1fa8cba0615ef0a720f13eddb45ec77c3e0bf356a12b99
-
SHA512
b739565e9515ef315d1ffd8c3edd1d2c4ba8907f6a3aad5a21b26983cd683b99b61a733f042e00463eb18e55e7ca35a1a30b6f796321aa24554ce73d36bb8539
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
11790cd5b5de6fba9a1fa8cba0615ef0a720f13eddb45ec77c3e0bf356a12b99
-
Size
204KB
-
MD5
ade87a435fc63a4b9efd65b7ace79367
-
SHA1
896a98d930dd0df883e833e9e984f3f669b025ca
-
SHA256
11790cd5b5de6fba9a1fa8cba0615ef0a720f13eddb45ec77c3e0bf356a12b99
-
SHA512
b739565e9515ef315d1ffd8c3edd1d2c4ba8907f6a3aad5a21b26983cd683b99b61a733f042e00463eb18e55e7ca35a1a30b6f796321aa24554ce73d36bb8539
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-