General
-
Target
c9b1b8de42540ec9125d8e73b03ab1335a01e400c519416ea372e49d15bc6608
-
Size
344KB
-
Sample
221020-n3yp8scfe7
-
MD5
a0416f140e57b9ca4a227f45f8a3eb6f
-
SHA1
a7234037d89d1b8af9e0f87672179dcfa1ce7664
-
SHA256
c9b1b8de42540ec9125d8e73b03ab1335a01e400c519416ea372e49d15bc6608
-
SHA512
9ff309cb083019831c8063e226f0849f96dd68b8415e45a370e8ecdcb40aeacb9afbddb4a1bdc80825e682c9b929339dd33dfcf8f9e855fd19c48d9d2d3e751a
-
SSDEEP
6144:7rGABDkpgFSiFHg5IN7th9B1BYShGLYH0G77:7rGABIgjHgGkdM0G77
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
c9b1b8de42540ec9125d8e73b03ab1335a01e400c519416ea372e49d15bc6608
-
Size
344KB
-
MD5
a0416f140e57b9ca4a227f45f8a3eb6f
-
SHA1
a7234037d89d1b8af9e0f87672179dcfa1ce7664
-
SHA256
c9b1b8de42540ec9125d8e73b03ab1335a01e400c519416ea372e49d15bc6608
-
SHA512
9ff309cb083019831c8063e226f0849f96dd68b8415e45a370e8ecdcb40aeacb9afbddb4a1bdc80825e682c9b929339dd33dfcf8f9e855fd19c48d9d2d3e751a
-
SSDEEP
6144:7rGABDkpgFSiFHg5IN7th9B1BYShGLYH0G77:7rGABIgjHgGkdM0G77
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-