General
-
Target
NEAS.85a27aee90fe5ef001f773ff5a351480.exe
-
Size
120KB
-
Sample
231021-z9kbzagf67
-
MD5
85a27aee90fe5ef001f773ff5a351480
-
SHA1
be43feecfe393c6f1fdd0773c6fbe60159e7b982
-
SHA256
5e7489798edab05dca42a42f82191c26cd83c93463efec7421ab4033a47ab7f3
-
SHA512
3a04c7f62b6deedea4d323ecbadcc8adc927b74ad526b984b31a20f6ff212d2b7ec3cc73c1914a422f6c1df0ed5c54c84df5cf795b0eb70f6f8acc448624c517
-
SSDEEP
3072:arlS1XUAqp0Kmus4HO9VZSOlAu98wIC6NVZ:arQ1X02p9/lAa6CSf
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
NEAS.85a27aee90fe5ef001f773ff5a351480.exe
-
Size
120KB
-
MD5
85a27aee90fe5ef001f773ff5a351480
-
SHA1
be43feecfe393c6f1fdd0773c6fbe60159e7b982
-
SHA256
5e7489798edab05dca42a42f82191c26cd83c93463efec7421ab4033a47ab7f3
-
SHA512
3a04c7f62b6deedea4d323ecbadcc8adc927b74ad526b984b31a20f6ff212d2b7ec3cc73c1914a422f6c1df0ed5c54c84df5cf795b0eb70f6f8acc448624c517
-
SSDEEP
3072:arlS1XUAqp0Kmus4HO9VZSOlAu98wIC6NVZ:arQ1X02p9/lAa6CSf
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1