General
-
Target
0722254f5f26344483b51a7653f12c983b85af053b17d66ec2ca4acbae8e10b0
-
Size
168KB
-
Sample
221123-xkb8ysfc37
-
MD5
36bc00ff4e5197a03662bc572a53c4f9
-
SHA1
f987ccb8cf8ea308a7552a0392291094157dd356
-
SHA256
0722254f5f26344483b51a7653f12c983b85af053b17d66ec2ca4acbae8e10b0
-
SHA512
df800e19bc20e512113a1351d057f57c522ef7905cad045f6ebc25f78b4e7d6e66d8dd8fe8431b4c091a7493d9e9d295066be87c52e1e3ec753dbca3ee661d51
-
SSDEEP
3072:aYkmuN0D9litI/vcncFDyeo/kt+aDWTzh5JrwPlJkOqRReMcDH1:aYkmuN0x9/kccdkvqTHEl0IDV
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
0722254f5f26344483b51a7653f12c983b85af053b17d66ec2ca4acbae8e10b0
-
Size
168KB
-
MD5
36bc00ff4e5197a03662bc572a53c4f9
-
SHA1
f987ccb8cf8ea308a7552a0392291094157dd356
-
SHA256
0722254f5f26344483b51a7653f12c983b85af053b17d66ec2ca4acbae8e10b0
-
SHA512
df800e19bc20e512113a1351d057f57c522ef7905cad045f6ebc25f78b4e7d6e66d8dd8fe8431b4c091a7493d9e9d295066be87c52e1e3ec753dbca3ee661d51
-
SSDEEP
3072:aYkmuN0D9litI/vcncFDyeo/kt+aDWTzh5JrwPlJkOqRReMcDH1:aYkmuN0x9/kccdkvqTHEl0IDV
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-