General
-
Target
476ae9f56ae458a9feec9a5f59133aee194a5855e4e71b2617355aec225d20cc
-
Size
356KB
-
Sample
221124-al4m9seg68
-
MD5
168048d4468475733d83da3ebd2de086
-
SHA1
1a6b91f3eaf8a81a5a4a97a45110c77f1d90cadf
-
SHA256
476ae9f56ae458a9feec9a5f59133aee194a5855e4e71b2617355aec225d20cc
-
SHA512
44113b8518ef4c59acc1f690a6dcd5ae8dad4e9878f1f3d7cbaea5952a0bba9b1acc703d9a3f3fa111594fe9aec6054e136efd4e224aba006a6ec3ff278104b5
-
SSDEEP
6144:5Ec0f7XP+g3AGJpWVzunhYrgns+XuCKnvmb7/D263VAPL8R8FUjcWMHu9tmuE79m:R27/XvLWpuhogns+XuCKnvmb7/D263Qq
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
476ae9f56ae458a9feec9a5f59133aee194a5855e4e71b2617355aec225d20cc
-
Size
356KB
-
MD5
168048d4468475733d83da3ebd2de086
-
SHA1
1a6b91f3eaf8a81a5a4a97a45110c77f1d90cadf
-
SHA256
476ae9f56ae458a9feec9a5f59133aee194a5855e4e71b2617355aec225d20cc
-
SHA512
44113b8518ef4c59acc1f690a6dcd5ae8dad4e9878f1f3d7cbaea5952a0bba9b1acc703d9a3f3fa111594fe9aec6054e136efd4e224aba006a6ec3ff278104b5
-
SSDEEP
6144:5Ec0f7XP+g3AGJpWVzunhYrgns+XuCKnvmb7/D263VAPL8R8FUjcWMHu9tmuE79m:R27/XvLWpuhogns+XuCKnvmb7/D263Qq
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-