General
-
Target
2023-08-26_1adbaf77a21a086c9beaad1e29aded97_magniber_JC.exe
-
Size
2.4MB
-
Sample
230917-njl74aaa2v
-
MD5
1adbaf77a21a086c9beaad1e29aded97
-
SHA1
3198833d576b104cf16a91a6efadf0e626bdd0d5
-
SHA256
e21f1a6bb4a1e5bbfcc1d6e4a8d493a789f1cef55e5a99c1e8e6130f247517b3
-
SHA512
8be393e4e2430512a0279ecae4fb4b8eb1af7204463995189734dc0dab585d2de8bc595c9d054ce78cc9ced3635789212603b9b2ee109158f2b1eef5000e8562
-
SSDEEP
49152:K2pnbbvUg7XXNIc57Fy5HlSVeq0QmH3h9anq3UdDjsGfJtTajLiBjzvNQ:hL5HqccXrL3UFjRfJwiE
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2023-08-26_1adbaf77a21a086c9beaad1e29aded97_magniber_JC.exe
-
Size
2.4MB
-
MD5
1adbaf77a21a086c9beaad1e29aded97
-
SHA1
3198833d576b104cf16a91a6efadf0e626bdd0d5
-
SHA256
e21f1a6bb4a1e5bbfcc1d6e4a8d493a789f1cef55e5a99c1e8e6130f247517b3
-
SHA512
8be393e4e2430512a0279ecae4fb4b8eb1af7204463995189734dc0dab585d2de8bc595c9d054ce78cc9ced3635789212603b9b2ee109158f2b1eef5000e8562
-
SSDEEP
49152:K2pnbbvUg7XXNIc57Fy5HlSVeq0QmH3h9anq3UdDjsGfJtTajLiBjzvNQ:hL5HqccXrL3UFjRfJwiE
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5