General
-
Target
56929037580f9d8cad2d9d61313997bb0a76053e9a6f6f9a31b90f00b93a1790
-
Size
2.5MB
-
Sample
240417-khhxhaaa35
-
MD5
222f300183e8f484674d9b090b819e68
-
SHA1
f47116d15f80b5897ac2262daeb3680f056a73bd
-
SHA256
56929037580f9d8cad2d9d61313997bb0a76053e9a6f6f9a31b90f00b93a1790
-
SHA512
d20ba860b4a6112f74ba8ee74796ce1de7aa0de8f4720fea749e720fe49af8dd1e7ab098b884d37240f6823e1004b438e37561e49b4ffe8ff95eeaff88bd14d9
-
SSDEEP
49152:iRox1MVikgRgxmatMJ/2Xi/2sUkFjxfp9hsa:5x1MVOgxmat6uSjBZ2a
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
56929037580f9d8cad2d9d61313997bb0a76053e9a6f6f9a31b90f00b93a1790
-
Size
2.5MB
-
MD5
222f300183e8f484674d9b090b819e68
-
SHA1
f47116d15f80b5897ac2262daeb3680f056a73bd
-
SHA256
56929037580f9d8cad2d9d61313997bb0a76053e9a6f6f9a31b90f00b93a1790
-
SHA512
d20ba860b4a6112f74ba8ee74796ce1de7aa0de8f4720fea749e720fe49af8dd1e7ab098b884d37240f6823e1004b438e37561e49b4ffe8ff95eeaff88bd14d9
-
SSDEEP
49152:iRox1MVikgRgxmatMJ/2Xi/2sUkFjxfp9hsa:5x1MVOgxmat6uSjBZ2a
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1