General
-
Target
7eaaac45341db1fbc054802508cac82b
-
Size
100KB
-
Sample
231226-vjcf8aeedn
-
MD5
7eaaac45341db1fbc054802508cac82b
-
SHA1
88f2315251b1c8be0ad62aa6f23903bfae9e0d69
-
SHA256
7cf4da933761682884f4c6f15f17d14d3ab7a84acb9e22f25c8c31507457e118
-
SHA512
82e3018da937f7008311f35b648abda9f596129c2b90bef9bffcbd35bcccd77c16060d215ca9549ba2c2f4c89fa2e10afe303e0c11ba7a5c6fe8737883ecb3db
-
SSDEEP
1536:CJXTV+29KItWh8MBEuKV1wWF3dhjk6DaIM0vKu33hS3sV7:kXTVT5tWh8aQVhF33k6+IM0SES3
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
7eaaac45341db1fbc054802508cac82b
-
Size
100KB
-
MD5
7eaaac45341db1fbc054802508cac82b
-
SHA1
88f2315251b1c8be0ad62aa6f23903bfae9e0d69
-
SHA256
7cf4da933761682884f4c6f15f17d14d3ab7a84acb9e22f25c8c31507457e118
-
SHA512
82e3018da937f7008311f35b648abda9f596129c2b90bef9bffcbd35bcccd77c16060d215ca9549ba2c2f4c89fa2e10afe303e0c11ba7a5c6fe8737883ecb3db
-
SSDEEP
1536:CJXTV+29KItWh8MBEuKV1wWF3dhjk6DaIM0vKu33hS3sV7:kXTVT5tWh8aQVhF33k6+IM0SES3
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1