General
-
Target
2b9dfbcbb6562dcc6224d73b7483682f4e913f3e7f41d6e8a2204400ddb7feb3
-
Size
140KB
-
Sample
221204-bx8l2aad9y
-
MD5
1e39eb571cd12cc426cb5cb26c370940
-
SHA1
8d936b9e36cac7c31e2b7a166682683fcc810514
-
SHA256
2b9dfbcbb6562dcc6224d73b7483682f4e913f3e7f41d6e8a2204400ddb7feb3
-
SHA512
fa07804157373ec5b59a5d6c6c43a7b0032ce82d263eb1f90dd0144e687fa34df672d180ec041a38defe618377874f573a9efbc38dfe70d86b5a39d0830d0233
-
SSDEEP
1536:Gs2/ng/CoNkt4z4vuyE8lZwJtFSPHl9RhTf0IwB6O1xK/QdDpSx2:k4/C4ktQ4vuyBr8tAX6BJ1x5dwx2
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2b9dfbcbb6562dcc6224d73b7483682f4e913f3e7f41d6e8a2204400ddb7feb3
-
Size
140KB
-
MD5
1e39eb571cd12cc426cb5cb26c370940
-
SHA1
8d936b9e36cac7c31e2b7a166682683fcc810514
-
SHA256
2b9dfbcbb6562dcc6224d73b7483682f4e913f3e7f41d6e8a2204400ddb7feb3
-
SHA512
fa07804157373ec5b59a5d6c6c43a7b0032ce82d263eb1f90dd0144e687fa34df672d180ec041a38defe618377874f573a9efbc38dfe70d86b5a39d0830d0233
-
SSDEEP
1536:Gs2/ng/CoNkt4z4vuyE8lZwJtFSPHl9RhTf0IwB6O1xK/QdDpSx2:k4/C4ktQ4vuyBr8tAX6BJ1x5dwx2
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-