General
-
Target
165cab9db576970321397570942137c9
-
Size
100KB
-
Sample
231224-2k5byseffr
-
MD5
165cab9db576970321397570942137c9
-
SHA1
a8598b247e45aa2d9a8a4a1483880a29eb33fc7b
-
SHA256
3fed5c7bef6277a6c5110876801f094108508cec03cb3bb9dd322983b4fff00e
-
SHA512
c7f5c9efc8e36dfd3b29a8ac258c1dca604c6569270b821f3e81e0fb041b46fdcf889321978124b9c4bf323106d83aa00fdb0db5878f0397ef20ae40cde86b62
-
SSDEEP
1536:06OWTBV+hyRiasFJD+gaEiVh1SK191+tzUy:fTahyRilEga7aokj
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
165cab9db576970321397570942137c9
-
Size
100KB
-
MD5
165cab9db576970321397570942137c9
-
SHA1
a8598b247e45aa2d9a8a4a1483880a29eb33fc7b
-
SHA256
3fed5c7bef6277a6c5110876801f094108508cec03cb3bb9dd322983b4fff00e
-
SHA512
c7f5c9efc8e36dfd3b29a8ac258c1dca604c6569270b821f3e81e0fb041b46fdcf889321978124b9c4bf323106d83aa00fdb0db5878f0397ef20ae40cde86b62
-
SSDEEP
1536:06OWTBV+hyRiasFJD+gaEiVh1SK191+tzUy:fTahyRilEga7aokj
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1