General
-
Target
NEAS.43c71d4079545c8374c7cebcd50b9690.exe
-
Size
164KB
-
Sample
231021-z5x29sed34
-
MD5
43c71d4079545c8374c7cebcd50b9690
-
SHA1
68e094b4f9ce18dbb42f10e566dac10fbf7fe672
-
SHA256
9d34edb69897d7c523a7edd3b6c87a88d45be419c0cce1970fdbdcd64cc96019
-
SHA512
71088e8bc0181d46ef9afe762645a3d110f97534c56bc73e34e1d4d1a2466f0dbcca7f7b3ee91ef324b7a011f60793487807377d5835a30d7a302cf93263b8dd
-
SSDEEP
3072:0NQKPWDyiI0hJltZrpRRyvu9m9Z8CjzK5eZa8LXY3T8hWqMk+Q5Tc3HBNeSt:0NSDyiISthpsuQ38CjmgJw81R+QpyBQM
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
NEAS.43c71d4079545c8374c7cebcd50b9690.exe
-
Size
164KB
-
MD5
43c71d4079545c8374c7cebcd50b9690
-
SHA1
68e094b4f9ce18dbb42f10e566dac10fbf7fe672
-
SHA256
9d34edb69897d7c523a7edd3b6c87a88d45be419c0cce1970fdbdcd64cc96019
-
SHA512
71088e8bc0181d46ef9afe762645a3d110f97534c56bc73e34e1d4d1a2466f0dbcca7f7b3ee91ef324b7a011f60793487807377d5835a30d7a302cf93263b8dd
-
SSDEEP
3072:0NQKPWDyiI0hJltZrpRRyvu9m9Z8CjzK5eZa8LXY3T8hWqMk+Q5Tc3HBNeSt:0NSDyiISthpsuQ38CjmgJw81R+QpyBQM
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1