General
-
Target
bfa32e353c58cc7806ab45537db4c272de0d8057b49b2aecd3b55f0fed7cbec4
-
Size
1.0MB
-
Sample
231011-fmyrasah5t
-
MD5
2a9b045a36f3f09a6bf146bdb297e612
-
SHA1
378f3ab33e146aaaa8ceaa97233a077b267065c1
-
SHA256
bfa32e353c58cc7806ab45537db4c272de0d8057b49b2aecd3b55f0fed7cbec4
-
SHA512
fabc0dfa89eee3c0f56639ff5170b1d909c9fbad1395cfed2c4454e4aa78ffa64d93fcd97d0e41293f3a7b347edfb5ffdf84a7d8e2ccf90524200eecf6d47dd1
-
SSDEEP
24576:dxy2f/TBypeljDI9GKFV+eee12Frp/s69c:/yQTBplMGKFVSeEAp
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
bfa32e353c58cc7806ab45537db4c272de0d8057b49b2aecd3b55f0fed7cbec4
-
Size
1.0MB
-
MD5
2a9b045a36f3f09a6bf146bdb297e612
-
SHA1
378f3ab33e146aaaa8ceaa97233a077b267065c1
-
SHA256
bfa32e353c58cc7806ab45537db4c272de0d8057b49b2aecd3b55f0fed7cbec4
-
SHA512
fabc0dfa89eee3c0f56639ff5170b1d909c9fbad1395cfed2c4454e4aa78ffa64d93fcd97d0e41293f3a7b347edfb5ffdf84a7d8e2ccf90524200eecf6d47dd1
-
SSDEEP
24576:dxy2f/TBypeljDI9GKFV+eee12Frp/s69c:/yQTBplMGKFVSeEAp
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
6