General
-
Target
91284ca609eaaca1bc45c89f0f5f1c404b6693c0585739e10af927a82aa8564c
-
Size
2.6MB
-
Sample
240428-alr98sca6t
-
MD5
470b23e465b8371e1e60dd7a648d9fab
-
SHA1
60c257da0c999fef352645256395337bc9720693
-
SHA256
91284ca609eaaca1bc45c89f0f5f1c404b6693c0585739e10af927a82aa8564c
-
SHA512
2009899f6a78c61711f6e8aaa2cb177dceaeffabd61efffd3a76240d63711216eb50f5ca9d514fcdd9f3e036cef7ac428777076119f702935f40986ddcf8549f
-
SSDEEP
49152:xVaLq/BIjfvD/ZPNkDU4TweADCmLdYDKBwvNT0bA1ZrRvptu:vaLqCHDhlkDU4TweADCmLdYOBwvNTkuU
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
91284ca609eaaca1bc45c89f0f5f1c404b6693c0585739e10af927a82aa8564c
-
Size
2.6MB
-
MD5
470b23e465b8371e1e60dd7a648d9fab
-
SHA1
60c257da0c999fef352645256395337bc9720693
-
SHA256
91284ca609eaaca1bc45c89f0f5f1c404b6693c0585739e10af927a82aa8564c
-
SHA512
2009899f6a78c61711f6e8aaa2cb177dceaeffabd61efffd3a76240d63711216eb50f5ca9d514fcdd9f3e036cef7ac428777076119f702935f40986ddcf8549f
-
SSDEEP
49152:xVaLq/BIjfvD/ZPNkDU4TweADCmLdYDKBwvNT0bA1ZrRvptu:vaLqCHDhlkDU4TweADCmLdYOBwvNTkuU
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3