General
-
Target
NEAS.c1c6ec73f119d29e291a9d210e358190_JC.exe
-
Size
120KB
-
Sample
231022-q51cysba25
-
MD5
c1c6ec73f119d29e291a9d210e358190
-
SHA1
787e8a02409481e4c7d373a7b3765ae9b164b5a0
-
SHA256
2bf23221b0f792ff252903524ca7d21cbd5b08708672f17e93ead19631932214
-
SHA512
815c385045831ccbeb9b099525eb1491d88df78e9a0749f6466684d3aef34ecf106bd4cba62d27c22bad7fb6c7ed65fd68d145715f9ef719acca01cca5ca2461
-
SSDEEP
1536:JGebj6QFRaneZZ85dhVIi1hGjeHhQCQTgM6tFjZfR+i0EvD29R4x1Y:JGMnKe4jhhh7cOtFjx4o29R4x
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
NEAS.c1c6ec73f119d29e291a9d210e358190_JC.exe
-
Size
120KB
-
MD5
c1c6ec73f119d29e291a9d210e358190
-
SHA1
787e8a02409481e4c7d373a7b3765ae9b164b5a0
-
SHA256
2bf23221b0f792ff252903524ca7d21cbd5b08708672f17e93ead19631932214
-
SHA512
815c385045831ccbeb9b099525eb1491d88df78e9a0749f6466684d3aef34ecf106bd4cba62d27c22bad7fb6c7ed65fd68d145715f9ef719acca01cca5ca2461
-
SSDEEP
1536:JGebj6QFRaneZZ85dhVIi1hGjeHhQCQTgM6tFjZfR+i0EvD29R4x1Y:JGMnKe4jhhh7cOtFjx4o29R4x
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5