General
-
Target
23c66b2b9d28c3e0876e5c90807b5d34685b67b073600241fece8533169e3aed
-
Size
120KB
-
Sample
240424-rb18tsbb58
-
MD5
cebed667b3a471e339078fdd942c2850
-
SHA1
ed14da58f6faa33d158f49ef6b0b5a4041e6cb3c
-
SHA256
23c66b2b9d28c3e0876e5c90807b5d34685b67b073600241fece8533169e3aed
-
SHA512
0961ff9b42eb308627fdaf8bb57d8d6659ffb10068d17827a59b18ef78e381a95bddc3a98007106e1544e3ef4a9db441e00194e3417a7d5475b86840be5df75d
-
SSDEEP
3072:eMZu+FeCnIyznifZ/fW9PyOq1o6xYq3Xb4R:7eNy+Bg+3X
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
23c66b2b9d28c3e0876e5c90807b5d34685b67b073600241fece8533169e3aed
-
Size
120KB
-
MD5
cebed667b3a471e339078fdd942c2850
-
SHA1
ed14da58f6faa33d158f49ef6b0b5a4041e6cb3c
-
SHA256
23c66b2b9d28c3e0876e5c90807b5d34685b67b073600241fece8533169e3aed
-
SHA512
0961ff9b42eb308627fdaf8bb57d8d6659ffb10068d17827a59b18ef78e381a95bddc3a98007106e1544e3ef4a9db441e00194e3417a7d5475b86840be5df75d
-
SSDEEP
3072:eMZu+FeCnIyznifZ/fW9PyOq1o6xYq3Xb4R:7eNy+Bg+3X
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3