General
-
Target
2a9b942ae228fad9af0ce9470007c7903c76f540519d90b88993aa9756c0286f
-
Size
793KB
-
Sample
240424-ajsg8ada2z
-
MD5
be2e2093bf48158d89dd3660d6a8a86c
-
SHA1
2479209e9cae84ee4113395864e1b03d056ee8d1
-
SHA256
2a9b942ae228fad9af0ce9470007c7903c76f540519d90b88993aa9756c0286f
-
SHA512
ebc9bc9503a089edf48e320f83b5c19603ddf78e2e0e5ffe570c6e3b0f92005f60efaad3e14d4d1d08dbc3a7aa7271f8647f78e0639402020781b738314c78cd
-
SSDEEP
24576:cuy30NgLDLGBrz1GKTKK4KKDyK5FZ1EEEEmEEE1EEEEEEEEEEElKK1KKK1KKKgdb:9uLmpzwKTKK4KKDyK5FZ1EEEEmEEE1E6
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2a9b942ae228fad9af0ce9470007c7903c76f540519d90b88993aa9756c0286f
-
Size
793KB
-
MD5
be2e2093bf48158d89dd3660d6a8a86c
-
SHA1
2479209e9cae84ee4113395864e1b03d056ee8d1
-
SHA256
2a9b942ae228fad9af0ce9470007c7903c76f540519d90b88993aa9756c0286f
-
SHA512
ebc9bc9503a089edf48e320f83b5c19603ddf78e2e0e5ffe570c6e3b0f92005f60efaad3e14d4d1d08dbc3a7aa7271f8647f78e0639402020781b738314c78cd
-
SSDEEP
24576:cuy30NgLDLGBrz1GKTKK4KKDyK5FZ1EEEEmEEE1EEEEEEEEEEElKK1KKK1KKKgdb:9uLmpzwKTKK4KKDyK5FZ1EEEEmEEE1E6
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1