General
-
Target
5df4801695888d9f45d8b7fa662507eb5cfff14527565114c10e430321ff3e84
-
Size
180KB
-
Sample
221121-krt15aff21
-
MD5
3b079bc13ea903c66f6a78a257c4ddf0
-
SHA1
4ad628d6f213e209d5f835cc6a03aae8e8ae7add
-
SHA256
5df4801695888d9f45d8b7fa662507eb5cfff14527565114c10e430321ff3e84
-
SHA512
5b558b5211c9393c911936a1280840c06daacf0481eee117ea013a2d5c757008057406f459c67b9d6264261b398262ad3b8dfd68e125d62bab316f6161d156b8
-
SSDEEP
3072:tYEZfre/ORYtUbtKV+ouqdQmrVxI84+Na00WCXx0dMqn26VJ9CJWW6Qc/:tZeWvbahWD+Na00WCB0e65Vv4
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
5df4801695888d9f45d8b7fa662507eb5cfff14527565114c10e430321ff3e84
-
Size
180KB
-
MD5
3b079bc13ea903c66f6a78a257c4ddf0
-
SHA1
4ad628d6f213e209d5f835cc6a03aae8e8ae7add
-
SHA256
5df4801695888d9f45d8b7fa662507eb5cfff14527565114c10e430321ff3e84
-
SHA512
5b558b5211c9393c911936a1280840c06daacf0481eee117ea013a2d5c757008057406f459c67b9d6264261b398262ad3b8dfd68e125d62bab316f6161d156b8
-
SSDEEP
3072:tYEZfre/ORYtUbtKV+ouqdQmrVxI84+Na00WCXx0dMqn26VJ9CJWW6Qc/:tZeWvbahWD+Na00WCB0e65Vv4
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-