General
-
Target
2024-03-27_5df880db7ad4ac1ae69143167aac5942_magniber
-
Size
2.3MB
-
Sample
240327-psg56scb39
-
MD5
5df880db7ad4ac1ae69143167aac5942
-
SHA1
9014001e7f2cb26c4a9ea190e72a278e1e512050
-
SHA256
45388a33bd65b864aef666cab17319ab07c23f507733f0916b9663ab76ae3a7f
-
SHA512
3b747e4ca81b565bd128b83bb9600f12b3346740e69ef858e6969ef7e98d52c516eadfbc755444c03b5feb755dc9731eb9abd79660987dfe0466308c9273cf4a
-
SSDEEP
49152:R5nGiIQfBK018u4H28Xfjb+re6eu3ZKDOEfo+vqBC9JL2qOhH/v0:/nNhBp8u4H28r16zfLB7u
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2024-03-27_5df880db7ad4ac1ae69143167aac5942_magniber
-
Size
2.3MB
-
MD5
5df880db7ad4ac1ae69143167aac5942
-
SHA1
9014001e7f2cb26c4a9ea190e72a278e1e512050
-
SHA256
45388a33bd65b864aef666cab17319ab07c23f507733f0916b9663ab76ae3a7f
-
SHA512
3b747e4ca81b565bd128b83bb9600f12b3346740e69ef858e6969ef7e98d52c516eadfbc755444c03b5feb755dc9731eb9abd79660987dfe0466308c9273cf4a
-
SSDEEP
49152:R5nGiIQfBK018u4H28Xfjb+re6eu3ZKDOEfo+vqBC9JL2qOhH/v0:/nNhBp8u4H28r16zfLB7u
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1