General
-
Target
02630b3e281a69594dece552df43715ad6b9c70edc8eb273fa33d1b67a53dc05
-
Size
97KB
-
Sample
221106-x2lhysbbgm
-
MD5
06778c6468514cf69dd4ecfed06566b1
-
SHA1
4dc62749b8f590428e476ca7d96d0615e13d2653
-
SHA256
02630b3e281a69594dece552df43715ad6b9c70edc8eb273fa33d1b67a53dc05
-
SHA512
e814492f49f88f3cd4debfbcfdb7965d1115143f24f61ccd9a821a2c6bb5f67d9e8533e751ffb31ffeb427da0953307a139174e5add5ea8e1fe476042f5b598c
-
SSDEEP
1536:+OVXFi4ZOnpvpZVtkQmYfQix5ct3PAUse5Sgp9AcguIvkdOl:JXjYnpBSQmYoK5nUp5Sg/Ah
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
02630b3e281a69594dece552df43715ad6b9c70edc8eb273fa33d1b67a53dc05
-
Size
97KB
-
MD5
06778c6468514cf69dd4ecfed06566b1
-
SHA1
4dc62749b8f590428e476ca7d96d0615e13d2653
-
SHA256
02630b3e281a69594dece552df43715ad6b9c70edc8eb273fa33d1b67a53dc05
-
SHA512
e814492f49f88f3cd4debfbcfdb7965d1115143f24f61ccd9a821a2c6bb5f67d9e8533e751ffb31ffeb427da0953307a139174e5add5ea8e1fe476042f5b598c
-
SSDEEP
1536:+OVXFi4ZOnpvpZVtkQmYfQix5ct3PAUse5Sgp9AcguIvkdOl:JXjYnpBSQmYoK5nUp5Sg/Ah
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-