General
-
Target
30ea4cda531ea2ea2a7f2b5494fcc830e623518862c48852a4b1e3b03c071f95
-
Size
177KB
-
Sample
221021-nt6dqaacam
-
MD5
22408f36bd6db96d30c5bb149b3050e0
-
SHA1
e184eeb125c465dfa2b1a721ad89b45ce0cf3801
-
SHA256
30ea4cda531ea2ea2a7f2b5494fcc830e623518862c48852a4b1e3b03c071f95
-
SHA512
743f21a1ee68de71eaf52c0e7d91db9c5826e37ea0c3b98a11d662c2aa536e96e60a859a8abb69683bf87589d903e3e2772000827268270b0cfdb810d5ea2198
-
SSDEEP
3072:Yq/HSpAbGTe2Aq/tqiI09Gp7ifqtTyOWZS7wB7gUkIjr7aF1A:YqQAbge6Gp79Wc7pIjr7aF1A
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
30ea4cda531ea2ea2a7f2b5494fcc830e623518862c48852a4b1e3b03c071f95
-
Size
177KB
-
MD5
22408f36bd6db96d30c5bb149b3050e0
-
SHA1
e184eeb125c465dfa2b1a721ad89b45ce0cf3801
-
SHA256
30ea4cda531ea2ea2a7f2b5494fcc830e623518862c48852a4b1e3b03c071f95
-
SHA512
743f21a1ee68de71eaf52c0e7d91db9c5826e37ea0c3b98a11d662c2aa536e96e60a859a8abb69683bf87589d903e3e2772000827268270b0cfdb810d5ea2198
-
SSDEEP
3072:Yq/HSpAbGTe2Aq/tqiI09Gp7ifqtTyOWZS7wB7gUkIjr7aF1A:YqQAbge6Gp79Wc7pIjr7aF1A
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Possible privilege escalation attempt
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Modifies file permissions
-
Windows security modification
-
Checks whether UAC is enabled
-