General
-
Target
a66a07763dfba28d9aebdbdacee0271ac103251724170faa8c77ed78b470ac10
-
Size
574KB
-
Sample
231231-qww9yafhg4
-
MD5
96aaf1b065e446e71ca09559ebcdd02a
-
SHA1
088a4df41752098ddf743e0e6a135f46bdfdf9e4
-
SHA256
a66a07763dfba28d9aebdbdacee0271ac103251724170faa8c77ed78b470ac10
-
SHA512
3d8ed6390101953d120b4ee88d20bb5eb165c6ef8c36eb5238952a7385cff1ee4c03512dfa046924a32c13ba2ddc7172b7ff57cb34d076b942b3d53af5e5097c
-
SSDEEP
12288:hDiWuk7gtaGGWyurkV5M8/x/B7CQ42iL0:1u4NGryFt4HL
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
a66a07763dfba28d9aebdbdacee0271ac103251724170faa8c77ed78b470ac10
-
Size
574KB
-
MD5
96aaf1b065e446e71ca09559ebcdd02a
-
SHA1
088a4df41752098ddf743e0e6a135f46bdfdf9e4
-
SHA256
a66a07763dfba28d9aebdbdacee0271ac103251724170faa8c77ed78b470ac10
-
SHA512
3d8ed6390101953d120b4ee88d20bb5eb165c6ef8c36eb5238952a7385cff1ee4c03512dfa046924a32c13ba2ddc7172b7ff57cb34d076b942b3d53af5e5097c
-
SSDEEP
12288:hDiWuk7gtaGGWyurkV5M8/x/B7CQ42iL0:1u4NGryFt4HL
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1