General
-
Target
7c1454bb85428230d10e8afc863e2207e53cf6aa9c47735dcf18b73d49244a7b
-
Size
2.0MB
-
Sample
240423-crs5tsbe79
-
MD5
f41ad1e9b99154dc5cc1b562c2166ca2
-
SHA1
3de885cc21dfa13fea14cb9d73bab6b09fb2b889
-
SHA256
7c1454bb85428230d10e8afc863e2207e53cf6aa9c47735dcf18b73d49244a7b
-
SHA512
49d5ac77e9186b72067c28d6974d0aa1b82b20dc78913296876e04e0e8ced17336600b8b3bd8192053d940202af9feb732b4a38e3006ccafa6fb4856d7147960
-
SSDEEP
49152:47sM3dbEnmZgJH6iADNsNn/3JQErFu/fEHHhF/poL9WpTo5pp9P:hOdbEnMgJaB5mn/3JQf/snXpi9WpToZt
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
7c1454bb85428230d10e8afc863e2207e53cf6aa9c47735dcf18b73d49244a7b
-
Size
2.0MB
-
MD5
f41ad1e9b99154dc5cc1b562c2166ca2
-
SHA1
3de885cc21dfa13fea14cb9d73bab6b09fb2b889
-
SHA256
7c1454bb85428230d10e8afc863e2207e53cf6aa9c47735dcf18b73d49244a7b
-
SHA512
49d5ac77e9186b72067c28d6974d0aa1b82b20dc78913296876e04e0e8ced17336600b8b3bd8192053d940202af9feb732b4a38e3006ccafa6fb4856d7147960
-
SSDEEP
49152:47sM3dbEnmZgJH6iADNsNn/3JQErFu/fEHHhF/poL9WpTo5pp9P:hOdbEnMgJaB5mn/3JQf/snXpi9WpToZt
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3