General
-
Target
f919f2e7fd49dc709fe9acc32806dddbc34f73eff784f290736bdd9a917a20fa
-
Size
444KB
-
Sample
221123-w7xmqshb31
-
MD5
4331be07dbc9fb430a25ce62f6e546ce
-
SHA1
dcc3d190bd59a1546c2ab83343a4106ab7757dc9
-
SHA256
f919f2e7fd49dc709fe9acc32806dddbc34f73eff784f290736bdd9a917a20fa
-
SHA512
17d597366a22920e39742397f17b47dc4cdf1a0fe9267704c641166315a29ad4ef136e535e1b1876b39d384815518ae125bec92aa660b051bbd6e840c8a234d9
-
SSDEEP
6144:tRCJHSWQeewQeeiQeesQeeHXQeefQee5qbrAtzSVAciy+Mu+EU9VxwAOtnIgMhaM:tRzqbIuADy9AAgujvGL3nsf
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
f919f2e7fd49dc709fe9acc32806dddbc34f73eff784f290736bdd9a917a20fa
-
Size
444KB
-
MD5
4331be07dbc9fb430a25ce62f6e546ce
-
SHA1
dcc3d190bd59a1546c2ab83343a4106ab7757dc9
-
SHA256
f919f2e7fd49dc709fe9acc32806dddbc34f73eff784f290736bdd9a917a20fa
-
SHA512
17d597366a22920e39742397f17b47dc4cdf1a0fe9267704c641166315a29ad4ef136e535e1b1876b39d384815518ae125bec92aa660b051bbd6e840c8a234d9
-
SSDEEP
6144:tRCJHSWQeewQeeiQeesQeeHXQeefQee5qbrAtzSVAciy+Mu+EU9VxwAOtnIgMhaM:tRzqbIuADy9AAgujvGL3nsf
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-