General
-
Target
NEAS.20eb72fd21aeb585531377b97caeacb0_JC.exe
-
Size
1.5MB
-
Sample
231016-vb2q5scd48
-
MD5
20eb72fd21aeb585531377b97caeacb0
-
SHA1
e6834dd1f8867df5e28b6ffe7fd493faa1a0c12d
-
SHA256
210c234f0aa9eb24e3ae39948ae069e41c84a55c1b7117e6489123ad62f656f2
-
SHA512
f22b663d3b0994a26ab82ba5915e0f05cb9ebe4a7643a4f8a03d5853fcdb9ba7348ff15137617c6f7da46c0d190372ce7d01adefd700b48cee97f8161053f369
-
SSDEEP
49152:r0ibuGD1U0YRIbehmMA4xp4O8b8ITDnljS:rIRe9S
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
http://klkjwre77638dfqwieuoi888.info/
Targets
-
-
Target
NEAS.20eb72fd21aeb585531377b97caeacb0_JC.exe
-
Size
1.5MB
-
MD5
20eb72fd21aeb585531377b97caeacb0
-
SHA1
e6834dd1f8867df5e28b6ffe7fd493faa1a0c12d
-
SHA256
210c234f0aa9eb24e3ae39948ae069e41c84a55c1b7117e6489123ad62f656f2
-
SHA512
f22b663d3b0994a26ab82ba5915e0f05cb9ebe4a7643a4f8a03d5853fcdb9ba7348ff15137617c6f7da46c0d190372ce7d01adefd700b48cee97f8161053f369
-
SSDEEP
49152:r0ibuGD1U0YRIbehmMA4xp4O8b8ITDnljS:rIRe9S
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1