General
-
Target
2024-03-31_b4b8ce1245a4a885bfb01fe1b5ed2b43_icedid
-
Size
1.3MB
-
Sample
240331-pfkersbg23
-
MD5
b4b8ce1245a4a885bfb01fe1b5ed2b43
-
SHA1
a53c3c17ed1b897df3a74fe93e13ae08b5fc2515
-
SHA256
23a54390c2028da8bbe9f43d95029a07f6de42f1a7c2c8615b4c448a4babf474
-
SHA512
4221c2805fba8f37578224d1342c77287a6a165f78ed9b7e64c2ea2b9e56983d44e7b3acb8f107448b223738cad2288dc16f06bb1009e63c49414ed5699b5188
-
SSDEEP
24576:6CwmeTQMumshD8MpNSYEPSgk+4VKLdB46/hMBqKPUBNB5IJgEXJYcUXPLTECTy/a:61TQhhgM3SfPSgklVMdB463gJgE5tUfl
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
2024-03-31_b4b8ce1245a4a885bfb01fe1b5ed2b43_icedid
-
Size
1.3MB
-
MD5
b4b8ce1245a4a885bfb01fe1b5ed2b43
-
SHA1
a53c3c17ed1b897df3a74fe93e13ae08b5fc2515
-
SHA256
23a54390c2028da8bbe9f43d95029a07f6de42f1a7c2c8615b4c448a4babf474
-
SHA512
4221c2805fba8f37578224d1342c77287a6a165f78ed9b7e64c2ea2b9e56983d44e7b3acb8f107448b223738cad2288dc16f06bb1009e63c49414ed5699b5188
-
SSDEEP
24576:6CwmeTQMumshD8MpNSYEPSgk+4VKLdB46/hMBqKPUBNB5IJgEXJYcUXPLTECTy/a:61TQhhgM3SfPSgklVMdB463gJgE5tUfl
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1