General
-
Target
NEAS.397c7509958396d9221799e34ab973a0.exe
-
Size
392KB
-
Sample
231021-z5aa7sdh73
-
MD5
397c7509958396d9221799e34ab973a0
-
SHA1
243adebe7155c54ea96194dd5ede5589e6e6e56a
-
SHA256
14833659f5bc8438d9dba4deaddbe6e3fd5ecde6d1457745667a2b0b3d6c5f7d
-
SHA512
b756929ca731fb18bfc832bb385f905dd49e5ea9ee83fdce0f516b77af5b22161a197c359911d0ac89b88e60f82a169bdc284ea9acc79e8a8ac6fc5116240c5a
-
SSDEEP
3072:gcmVWv5ltbmP3Q7yJzdJW7/Wf5NWUWdnz7XzyS6AXb0BZqarWPy/37cLAyF2IRjg:HmdIcbW7/Wf5NWUmX4BT+E7c7iSu
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
NEAS.397c7509958396d9221799e34ab973a0.exe
-
Size
392KB
-
MD5
397c7509958396d9221799e34ab973a0
-
SHA1
243adebe7155c54ea96194dd5ede5589e6e6e56a
-
SHA256
14833659f5bc8438d9dba4deaddbe6e3fd5ecde6d1457745667a2b0b3d6c5f7d
-
SHA512
b756929ca731fb18bfc832bb385f905dd49e5ea9ee83fdce0f516b77af5b22161a197c359911d0ac89b88e60f82a169bdc284ea9acc79e8a8ac6fc5116240c5a
-
SSDEEP
3072:gcmVWv5ltbmP3Q7yJzdJW7/Wf5NWUWdnz7XzyS6AXb0BZqarWPy/37cLAyF2IRjg:HmdIcbW7/Wf5NWUmX4BT+E7c7iSu
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1