General
-
Target
e4d59623b7f96b5ca0e05471825577a1ba06856b6db0ab5e6a00fe93469d69e1
-
Size
100KB
-
Sample
221205-py6qqaef51
-
MD5
a124c715834e2e609fe80807ba5b3620
-
SHA1
3319a2df4e66957c16856508faf539bf4ff8e07c
-
SHA256
e4d59623b7f96b5ca0e05471825577a1ba06856b6db0ab5e6a00fe93469d69e1
-
SHA512
cb4f72e07be2183d4fd0a7c52fc79f8c284a1e9f89b8d9f16ab400e9044b8ed99935f6d7fe6401fe2212f8fd4f5da08910bb6e2adf1de67a57a4cbb81c6a1d3c
-
SSDEEP
1536:HTNZ7V42QQmYArEgLQy5JovnaFv3Z9WTqLzZe/GYlcb:Z5VdmYAwLy8SF/KTqLzKlc
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
e4d59623b7f96b5ca0e05471825577a1ba06856b6db0ab5e6a00fe93469d69e1
-
Size
100KB
-
MD5
a124c715834e2e609fe80807ba5b3620
-
SHA1
3319a2df4e66957c16856508faf539bf4ff8e07c
-
SHA256
e4d59623b7f96b5ca0e05471825577a1ba06856b6db0ab5e6a00fe93469d69e1
-
SHA512
cb4f72e07be2183d4fd0a7c52fc79f8c284a1e9f89b8d9f16ab400e9044b8ed99935f6d7fe6401fe2212f8fd4f5da08910bb6e2adf1de67a57a4cbb81c6a1d3c
-
SSDEEP
1536:HTNZ7V42QQmYArEgLQy5JovnaFv3Z9WTqLzZe/GYlcb:Z5VdmYAwLy8SF/KTqLzKlc
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-