General
-
Target
2d31ccefd5a4f7ea3be398ec745351ccc2b19f72b55cb60e3973841b54bc0333
-
Size
2.2MB
-
Sample
231012-eapr7adb8t
-
MD5
1453a5184f5058e9158c7e9aa4a07752
-
SHA1
831c07702b87aeef057d255544451f97ec223ede
-
SHA256
2d31ccefd5a4f7ea3be398ec745351ccc2b19f72b55cb60e3973841b54bc0333
-
SHA512
7ea739b11a312e30c254a34b97a4af1cfdce3bbc6b9167253bbd0fa36066bc6698ddc40d72aeaf47c14a534f40ea3cde9b233ca05fec01dc410b18044d20a7bd
-
SSDEEP
49152:V37ouggggMBwEVKE089Phy9kMqzZZrKP/hN3toKP:VLVEVKww9kfrghJ
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2d31ccefd5a4f7ea3be398ec745351ccc2b19f72b55cb60e3973841b54bc0333
-
Size
2.2MB
-
MD5
1453a5184f5058e9158c7e9aa4a07752
-
SHA1
831c07702b87aeef057d255544451f97ec223ede
-
SHA256
2d31ccefd5a4f7ea3be398ec745351ccc2b19f72b55cb60e3973841b54bc0333
-
SHA512
7ea739b11a312e30c254a34b97a4af1cfdce3bbc6b9167253bbd0fa36066bc6698ddc40d72aeaf47c14a534f40ea3cde9b233ca05fec01dc410b18044d20a7bd
-
SSDEEP
49152:V37ouggggMBwEVKE089Phy9kMqzZZrKP/hN3toKP:VLVEVKww9kfrghJ
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1