General
-
Target
1b3eb86965e47dbeff62ccdea7d906e5
-
Size
580KB
-
Sample
231224-31e8fahed9
-
MD5
1b3eb86965e47dbeff62ccdea7d906e5
-
SHA1
57505da9cf6dfcfe4af51347344e81f928ea7f36
-
SHA256
55ebc71efcb409e4aa1136ccb0297f451e6cd38548f9c84f6a9cdf0cfba23cdf
-
SHA512
68ffc93287818dfd3bb21d42f647cace5a94c718e82939db5599baad737a06e78dab5b884473d53b2464c980afa662fe0cd99fc1235ab92ba1225520368139bb
-
SSDEEP
12288:ciYmjbXuEViYmjbXCmjn8CLf8ePr5BImjbDwkcR0x:+SjuYSjCmjn8CLf8eDISyR0x
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
1b3eb86965e47dbeff62ccdea7d906e5
-
Size
580KB
-
MD5
1b3eb86965e47dbeff62ccdea7d906e5
-
SHA1
57505da9cf6dfcfe4af51347344e81f928ea7f36
-
SHA256
55ebc71efcb409e4aa1136ccb0297f451e6cd38548f9c84f6a9cdf0cfba23cdf
-
SHA512
68ffc93287818dfd3bb21d42f647cace5a94c718e82939db5599baad737a06e78dab5b884473d53b2464c980afa662fe0cd99fc1235ab92ba1225520368139bb
-
SSDEEP
12288:ciYmjbXuEViYmjbXCmjn8CLf8ePr5BImjbDwkcR0x:+SjuYSjCmjn8CLf8eDISyR0x
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1