General
-
Target
6b4776f86400c9888e7dec745eeb2120_exe32.exe
-
Size
270KB
-
Sample
231015-yc2pbaea25
-
MD5
6b4776f86400c9888e7dec745eeb2120
-
SHA1
58e1d6958a694f997acf19f83799f19426548f80
-
SHA256
77468b1526ffcbdf7d1c363b62237f4e8c63f384a5a08b6d72c60f2177d90f7c
-
SHA512
526160cf6d13aec962e033ba0f56bd4261fae0b68e5a2b7c8f5f19194e3793cebea2a2479428a142aab3e202e1741d1d8279479b4213b3f4b5bbcc16083ac336
-
SSDEEP
3072:yLoxnEYsnRH1i0NEoeWBwjXx7WUHKloXmZ:yLo9+b4WmjXgoXm
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
6b4776f86400c9888e7dec745eeb2120_exe32.exe
-
Size
270KB
-
MD5
6b4776f86400c9888e7dec745eeb2120
-
SHA1
58e1d6958a694f997acf19f83799f19426548f80
-
SHA256
77468b1526ffcbdf7d1c363b62237f4e8c63f384a5a08b6d72c60f2177d90f7c
-
SHA512
526160cf6d13aec962e033ba0f56bd4261fae0b68e5a2b7c8f5f19194e3793cebea2a2479428a142aab3e202e1741d1d8279479b4213b3f4b5bbcc16083ac336
-
SSDEEP
3072:yLoxnEYsnRH1i0NEoeWBwjXx7WUHKloXmZ:yLo9+b4WmjXgoXm
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1