General
-
Target
79f77c8d8a9ce313f3d1f55c273778572c70e03164bda384985bd4416539881b
-
Size
3.6MB
-
Sample
230822-xbtrmsgb5y
-
MD5
d5131732f42b79db72f914fabd6e91e3
-
SHA1
cb1822b05e57118433e4fe86fcb7437795e425ef
-
SHA256
79f77c8d8a9ce313f3d1f55c273778572c70e03164bda384985bd4416539881b
-
SHA512
0426fb96bed067f929601c9049045960db5e3cac621590560553f525794b6908b9af73d1ab1b5b368a9bc85adb86623c6fd620467aa0adfc7f21e5fe48a1246f
-
SSDEEP
98304:ytHautEXQtFfXLYyU3M0+4GYpm+hln4CqLqopxpygsZV97z:yBaObV+M0+4GKzhu1PygSV93
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
79f77c8d8a9ce313f3d1f55c273778572c70e03164bda384985bd4416539881b
-
Size
3.6MB
-
MD5
d5131732f42b79db72f914fabd6e91e3
-
SHA1
cb1822b05e57118433e4fe86fcb7437795e425ef
-
SHA256
79f77c8d8a9ce313f3d1f55c273778572c70e03164bda384985bd4416539881b
-
SHA512
0426fb96bed067f929601c9049045960db5e3cac621590560553f525794b6908b9af73d1ab1b5b368a9bc85adb86623c6fd620467aa0adfc7f21e5fe48a1246f
-
SSDEEP
98304:ytHautEXQtFfXLYyU3M0+4GYpm+hln4CqLqopxpygsZV97z:yBaObV+M0+4GKzhu1PygSV93
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1