General
-
Target
d078870493022685025e69eb247ebd07b8fdab09e15cd6b4ce38b022a9883d5c
-
Size
881KB
-
Sample
221123-tehxrsgh6w
-
MD5
535bf92fc36d15e1efad72df8f841fa6
-
SHA1
a9d5a3fb2fbac952dce815eb1f11866092d82667
-
SHA256
d078870493022685025e69eb247ebd07b8fdab09e15cd6b4ce38b022a9883d5c
-
SHA512
32f345a47fe049902f9d6d759940d69983aafcdcc055cde9cf444fe35c9f74903840061b6eb1c4b9473e2138d5d299844372c2e52029f75179803e8d99fdd728
-
SSDEEP
12288:zaBStl2ur7lYLD4eR48zJCBxxWKqDEHQf/XRP9w9C2wg/dw3eVpTfmh6LcZx38:zaU3Jy34D8zJCBxxWzJw9T1tTQF4
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
d078870493022685025e69eb247ebd07b8fdab09e15cd6b4ce38b022a9883d5c
-
Size
881KB
-
MD5
535bf92fc36d15e1efad72df8f841fa6
-
SHA1
a9d5a3fb2fbac952dce815eb1f11866092d82667
-
SHA256
d078870493022685025e69eb247ebd07b8fdab09e15cd6b4ce38b022a9883d5c
-
SHA512
32f345a47fe049902f9d6d759940d69983aafcdcc055cde9cf444fe35c9f74903840061b6eb1c4b9473e2138d5d299844372c2e52029f75179803e8d99fdd728
-
SSDEEP
12288:zaBStl2ur7lYLD4eR48zJCBxxWKqDEHQf/XRP9w9C2wg/dw3eVpTfmh6LcZx38:zaU3Jy34D8zJCBxxWzJw9T1tTQF4
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-