General
-
Target
06f1db7e2d13b39634d840cdd5fdf8620d7b8055daa0c99b59a35f493e045b56
-
Size
2.8MB
-
Sample
240417-m381jaec8x
-
MD5
f310ba4fb49fc16adcdbf496cf10d0b9
-
SHA1
da20ab2693953887be2733463dd611fb7a663fb5
-
SHA256
06f1db7e2d13b39634d840cdd5fdf8620d7b8055daa0c99b59a35f493e045b56
-
SHA512
6f00d2814f3d0f9f005fe8418c8e0a8984e122a4936afa77b95890d8b0885e9f613df5fc4183eace60492ceb15d4e91e6775e77bebf38c9b7e6e76cb44af60a2
-
SSDEEP
49152:TXsWHXechxxMKou3Sjd140gihhMP+W70cjib1FZTeAL8z:TlHX5hxxbou6sYjW7LJ
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
06f1db7e2d13b39634d840cdd5fdf8620d7b8055daa0c99b59a35f493e045b56
-
Size
2.8MB
-
MD5
f310ba4fb49fc16adcdbf496cf10d0b9
-
SHA1
da20ab2693953887be2733463dd611fb7a663fb5
-
SHA256
06f1db7e2d13b39634d840cdd5fdf8620d7b8055daa0c99b59a35f493e045b56
-
SHA512
6f00d2814f3d0f9f005fe8418c8e0a8984e122a4936afa77b95890d8b0885e9f613df5fc4183eace60492ceb15d4e91e6775e77bebf38c9b7e6e76cb44af60a2
-
SSDEEP
49152:TXsWHXechxxMKou3Sjd140gihhMP+W70cjib1FZTeAL8z:TlHX5hxxbou6sYjW7LJ
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1