General
-
Target
ef6e817864135d344c8dfaa52e1eebbe8adbe988b7d7e4cbddce4a0508261103
-
Size
3.4MB
-
Sample
240309-emp9gsce45
-
MD5
768432e930cc9cc67b545cdc10528100
-
SHA1
14390cdb14a87e58516cbbf91a7bd49d88d8dd9a
-
SHA256
ef6e817864135d344c8dfaa52e1eebbe8adbe988b7d7e4cbddce4a0508261103
-
SHA512
8d6fcf208af6cbcd8020788998670ac7d174cbce78875637ca5a8c729efc8cda715effbf8cb564da2fb814ded781dd81f5b112001b31e87ce7ed7cfb939d2e26
-
SSDEEP
49152:Dycj8Q4Zp2Q+8vc7sAh1ltRE6K6t7SZRBDOIe7d4W9LVsAHXdwu0O1G:Wcj8JZpn+8vcAASduQe54Wzyu0OE
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
ef6e817864135d344c8dfaa52e1eebbe8adbe988b7d7e4cbddce4a0508261103
-
Size
3.4MB
-
MD5
768432e930cc9cc67b545cdc10528100
-
SHA1
14390cdb14a87e58516cbbf91a7bd49d88d8dd9a
-
SHA256
ef6e817864135d344c8dfaa52e1eebbe8adbe988b7d7e4cbddce4a0508261103
-
SHA512
8d6fcf208af6cbcd8020788998670ac7d174cbce78875637ca5a8c729efc8cda715effbf8cb564da2fb814ded781dd81f5b112001b31e87ce7ed7cfb939d2e26
-
SSDEEP
49152:Dycj8Q4Zp2Q+8vc7sAh1ltRE6K6t7SZRBDOIe7d4W9LVsAHXdwu0O1G:Wcj8JZpn+8vcAASduQe54Wzyu0OE
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1