General
-
Target
3d31495fde06ef863b6329e10c7e2b36
-
Size
2.0MB
-
Sample
240101-spt74sdagm
-
MD5
3d31495fde06ef863b6329e10c7e2b36
-
SHA1
009c7a5613cf1a40d8d66125fb3f8bc5d4d7421d
-
SHA256
4fcf0646115caf99906d408db509176f08112ac4147c752a3680d9fe38a81047
-
SHA512
4ded24c11c0e2fa8464462e0f1c1bffcccae2714a0c336cf659fc0c0720605ca5519fbc3328625f2c54379672c266b6fdbeff77e6e71499690e32d10976eecbc
-
SSDEEP
49152:cuDF9L7lS4IEj/FZh9zz3yYh3Y2F1sxjOLkp4deFPY8/S:cuH77LFZh4YFY2j4Owp4kFg8q
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
3d31495fde06ef863b6329e10c7e2b36
-
Size
2.0MB
-
MD5
3d31495fde06ef863b6329e10c7e2b36
-
SHA1
009c7a5613cf1a40d8d66125fb3f8bc5d4d7421d
-
SHA256
4fcf0646115caf99906d408db509176f08112ac4147c752a3680d9fe38a81047
-
SHA512
4ded24c11c0e2fa8464462e0f1c1bffcccae2714a0c336cf659fc0c0720605ca5519fbc3328625f2c54379672c266b6fdbeff77e6e71499690e32d10976eecbc
-
SSDEEP
49152:cuDF9L7lS4IEj/FZh9zz3yYh3Y2F1sxjOLkp4deFPY8/S:cuH77LFZh4YFY2j4Owp4kFg8q
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1