General
-
Target
f6eb99569cff998d01b60d66cce904c10b6758dc325fdb40a622a596d7a46292
-
Size
1.1MB
-
Sample
240507-z4fftsgb8w
-
MD5
129d6a429726c27ddd68bbfae37cd431
-
SHA1
30e34f313f2cc2b5e76630cf3547f423d1ca61c4
-
SHA256
f6eb99569cff998d01b60d66cce904c10b6758dc325fdb40a622a596d7a46292
-
SHA512
219f67f4a381e1756c51f1b27f12193ead418b164edca470a5ab2f842a4ba968c8184ff5a104b6e37acf436b289cd6952c84ca9ffbe57bfec1c03bf664763961
-
SSDEEP
24576:HR6zm22I/Zn2c8tBsKSLI1CnX3Zw46sRuh8/tzfHP:x6zmL4Zf8NSLCoX3e465u/tv
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
f6eb99569cff998d01b60d66cce904c10b6758dc325fdb40a622a596d7a46292
-
Size
1.1MB
-
MD5
129d6a429726c27ddd68bbfae37cd431
-
SHA1
30e34f313f2cc2b5e76630cf3547f423d1ca61c4
-
SHA256
f6eb99569cff998d01b60d66cce904c10b6758dc325fdb40a622a596d7a46292
-
SHA512
219f67f4a381e1756c51f1b27f12193ead418b164edca470a5ab2f842a4ba968c8184ff5a104b6e37acf436b289cd6952c84ca9ffbe57bfec1c03bf664763961
-
SSDEEP
24576:HR6zm22I/Zn2c8tBsKSLI1CnX3Zw46sRuh8/tzfHP:x6zmL4Zf8NSLCoX3e465u/tv
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1