General
-
Target
4e42e59d7ba81ab8a880aa589c520dea8fcadaeb11569f2612e89e2e53c00ec7
-
Size
173KB
-
Sample
221108-crzydacbg9
-
MD5
0b40102a3f7409b7189e91d2ebad4480
-
SHA1
77bf14d71a234326c0168d7042bdb9af68a4ef56
-
SHA256
4e42e59d7ba81ab8a880aa589c520dea8fcadaeb11569f2612e89e2e53c00ec7
-
SHA512
7596a6d9d598f726968ad9cddd776264f1393d8eead04b75dcdd6466817345ce5f5cacef935ad4271d17210f8b7616a6e56e394b3a0c532629f4070980333e53
-
SSDEEP
3072:Fq/bSpAbGTe2Aq/tqiBQOFugPY4j5+115fRxuyG/SE9vMd1A:Fq0Abge9OFugPY4215ZHEDyd1A
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
4e42e59d7ba81ab8a880aa589c520dea8fcadaeb11569f2612e89e2e53c00ec7
-
Size
173KB
-
MD5
0b40102a3f7409b7189e91d2ebad4480
-
SHA1
77bf14d71a234326c0168d7042bdb9af68a4ef56
-
SHA256
4e42e59d7ba81ab8a880aa589c520dea8fcadaeb11569f2612e89e2e53c00ec7
-
SHA512
7596a6d9d598f726968ad9cddd776264f1393d8eead04b75dcdd6466817345ce5f5cacef935ad4271d17210f8b7616a6e56e394b3a0c532629f4070980333e53
-
SSDEEP
3072:Fq/bSpAbGTe2Aq/tqiBQOFugPY4j5+115fRxuyG/SE9vMd1A:Fq0Abge9OFugPY4215ZHEDyd1A
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Possible privilege escalation attempt
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Modifies file permissions
-
Windows security modification
-
Checks whether UAC is enabled
-