General
-
Target
2057616af9b56bc5f4c7e4ab1c33a2be5c092121af622b87f1468a722fc04ad1
-
Size
304KB
-
Sample
221128-yg65lacb27
-
MD5
9a1174fb32ed8aa6e98cde6b7be2fc30
-
SHA1
0319ff3cc7a4da50dc92bad93d523dc3410cb0dc
-
SHA256
2057616af9b56bc5f4c7e4ab1c33a2be5c092121af622b87f1468a722fc04ad1
-
SHA512
cf367545fbc1831dff45d15604178eac77b052960d294ca9d077f4834467932311b86aed2a2f437300c9603eb8c3d85a8ac36a1fc8148db865942974c976c069
-
SSDEEP
6144:5zty2epNT3bn7B/ZdgP8COz1BEKa4kXdU8i2:5ztMnrj7BZdgrOz1BEKwXd02
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2057616af9b56bc5f4c7e4ab1c33a2be5c092121af622b87f1468a722fc04ad1
-
Size
304KB
-
MD5
9a1174fb32ed8aa6e98cde6b7be2fc30
-
SHA1
0319ff3cc7a4da50dc92bad93d523dc3410cb0dc
-
SHA256
2057616af9b56bc5f4c7e4ab1c33a2be5c092121af622b87f1468a722fc04ad1
-
SHA512
cf367545fbc1831dff45d15604178eac77b052960d294ca9d077f4834467932311b86aed2a2f437300c9603eb8c3d85a8ac36a1fc8148db865942974c976c069
-
SSDEEP
6144:5zty2epNT3bn7B/ZdgP8COz1BEKa4kXdU8i2:5ztMnrj7BZdgrOz1BEKwXd02
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-