General
-
Target
NEAS.d6fd4078d43d3eb5d053b23f4d7ccb80.exe
-
Size
120KB
-
Sample
231013-zh7m7abb94
-
MD5
d6fd4078d43d3eb5d053b23f4d7ccb80
-
SHA1
d4c646877a0676dd984c95de1cf458f49df9d529
-
SHA256
a59c351ae5b18c8cc050c39941ad64bb1d1c8a7a9278acb9b7a13bd9e717e427
-
SHA512
19079c3f2a63ff032ed858bff1a084348765b58900ca81e52543c349ae2386bb638f3d8e68f64aa12fe0adc20f3b019ff7d3f1d1fdc7427c21ae535520aa57d2
-
SSDEEP
1536:dlBuDD9X4d8OS3ZEFmHxkGY7NXY8bRlM0pQloDXEGKh9LfIM7yoRmTZ99PFxU1:X29evF8nuRy0UaEGKh9LfIM7R29HW
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
NEAS.d6fd4078d43d3eb5d053b23f4d7ccb80.exe
-
Size
120KB
-
MD5
d6fd4078d43d3eb5d053b23f4d7ccb80
-
SHA1
d4c646877a0676dd984c95de1cf458f49df9d529
-
SHA256
a59c351ae5b18c8cc050c39941ad64bb1d1c8a7a9278acb9b7a13bd9e717e427
-
SHA512
19079c3f2a63ff032ed858bff1a084348765b58900ca81e52543c349ae2386bb638f3d8e68f64aa12fe0adc20f3b019ff7d3f1d1fdc7427c21ae535520aa57d2
-
SSDEEP
1536:dlBuDD9X4d8OS3ZEFmHxkGY7NXY8bRlM0pQloDXEGKh9LfIM7yoRmTZ99PFxU1:X29evF8nuRy0UaEGKh9LfIM7R29HW
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5