General
-
Target
c322569c729f4bbc4d29d0ea637bddf349722b86e63e532501b1371a4d60881c
-
Size
138KB
-
Sample
221030-1mxt8adaap
-
MD5
907d1564036da4b622feebfff485319e
-
SHA1
6300b3ba545e6ddbf21d693b71b3623e94e088f4
-
SHA256
c322569c729f4bbc4d29d0ea637bddf349722b86e63e532501b1371a4d60881c
-
SHA512
912b354f16eabfec29300c7534fa26bbc3108d1a00c0e6d061c057b7ff81731238d09812af0d2b628135b7a11b90996b27eafd8288aaec599c59d6292236d12b
-
SSDEEP
3072:38+7/h6xEWjkfLsfnvmTDJZIa1HOjOKa8b2hmHuYpi5hG8Aq4Pfzg:Z7/h6qWoLsfvmzH1OZRihO3shG8AqAc
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
c322569c729f4bbc4d29d0ea637bddf349722b86e63e532501b1371a4d60881c
-
Size
138KB
-
MD5
907d1564036da4b622feebfff485319e
-
SHA1
6300b3ba545e6ddbf21d693b71b3623e94e088f4
-
SHA256
c322569c729f4bbc4d29d0ea637bddf349722b86e63e532501b1371a4d60881c
-
SHA512
912b354f16eabfec29300c7534fa26bbc3108d1a00c0e6d061c057b7ff81731238d09812af0d2b628135b7a11b90996b27eafd8288aaec599c59d6292236d12b
-
SSDEEP
3072:38+7/h6xEWjkfLsfnvmTDJZIa1HOjOKa8b2hmHuYpi5hG8Aq4Pfzg:Z7/h6qWoLsfvmzH1OZRihO3shG8AqAc
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Modifies WinLogon
-
Suspicious use of SetThreadContext
-