General
-
Target
6570a2bd9a6a88fd386bf1425db80833df13e5d2e455936f7a6bf17138905e9f
-
Size
1.4MB
-
Sample
231016-cfgyesbb7t
-
MD5
247ac685e238b8edcc95875e5303ec40
-
SHA1
6ac20bb4eaf13eda1f1411755195a02e81517bc4
-
SHA256
6570a2bd9a6a88fd386bf1425db80833df13e5d2e455936f7a6bf17138905e9f
-
SHA512
6f12e6999664f87184a26a71d14a6775c53a19256022fd198b9ea415d216ab21fa746fc2cbbeddc54dd5debc4e5fedbfe8bcaf9eea38e37802e025d1d018a235
-
SSDEEP
24576:YNWr3f/sXb7tVo2QxY1Yh8zLf0BaMiaKNwURcx/l9DOFBHq:u4PUftuxYM8zLGaTNzRE/HDOFNq
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
6570a2bd9a6a88fd386bf1425db80833df13e5d2e455936f7a6bf17138905e9f
-
Size
1.4MB
-
MD5
247ac685e238b8edcc95875e5303ec40
-
SHA1
6ac20bb4eaf13eda1f1411755195a02e81517bc4
-
SHA256
6570a2bd9a6a88fd386bf1425db80833df13e5d2e455936f7a6bf17138905e9f
-
SHA512
6f12e6999664f87184a26a71d14a6775c53a19256022fd198b9ea415d216ab21fa746fc2cbbeddc54dd5debc4e5fedbfe8bcaf9eea38e37802e025d1d018a235
-
SSDEEP
24576:YNWr3f/sXb7tVo2QxY1Yh8zLf0BaMiaKNwURcx/l9DOFBHq:u4PUftuxYM8zLGaTNzRE/HDOFNq
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5