General
-
Target
NEAS.5459450f1abd717a43f4fe0996d1c480.exe
-
Size
652KB
-
Sample
231016-wzerysfa96
-
MD5
5459450f1abd717a43f4fe0996d1c480
-
SHA1
11dc757a40c54c7bafa8d52a486af219460accaf
-
SHA256
a163b802826ede7ee697f8ab2e235ecb811366b9d37317928dadb4ee5d4171a9
-
SHA512
775ce57bb70385244075543095f870294a8dcb6beb93d2f654c6376f81b2f3f79bd73538f3bff001527c21c3b37b0d2d51e1d8ec2d521f1149ce12e16aac9881
-
SSDEEP
12288:gla1NZGYDJokhAHmdQ9kpFIshSshSshYa5w96B72U:glatJokdQ9kp6shSshSshj72U
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
http://klkjwre77638dfqwieuoi888.info/
Targets
-
-
Target
NEAS.5459450f1abd717a43f4fe0996d1c480.exe
-
Size
652KB
-
MD5
5459450f1abd717a43f4fe0996d1c480
-
SHA1
11dc757a40c54c7bafa8d52a486af219460accaf
-
SHA256
a163b802826ede7ee697f8ab2e235ecb811366b9d37317928dadb4ee5d4171a9
-
SHA512
775ce57bb70385244075543095f870294a8dcb6beb93d2f654c6376f81b2f3f79bd73538f3bff001527c21c3b37b0d2d51e1d8ec2d521f1149ce12e16aac9881
-
SSDEEP
12288:gla1NZGYDJokhAHmdQ9kpFIshSshSshYa5w96B72U:glatJokdQ9kp6shSshSshj72U
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1