General
-
Target
f94efa763ca05430f9e932f3dce4b73b72292f72b8e4597c245fe9c1ab978b1f
-
Size
256KB
-
Sample
240514-g2kzesdd9t
-
MD5
fc9ededea3b450a35a5fd1fca43f9217
-
SHA1
fd15ce4db71b2e8911c28793ddb7fef0755c120e
-
SHA256
f94efa763ca05430f9e932f3dce4b73b72292f72b8e4597c245fe9c1ab978b1f
-
SHA512
c2beb6960c34d7d78c1c194d58d8c0f7d1b73ccd3e005b9a64faaac14029fcbb14701c091ab314c17fdf0d18c40aecef67e55f08c4abaff6b6e243afef7ed4a6
-
SSDEEP
3072:2CaG0lvxLVGLcC6PmTjVxABG2HW4a1vqcxgEE0xrrCCZ2QnGUMep1mX0to38wqjA:dx0f5pLW4a1ycxgEE0lb4PepIktoOip
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
f94efa763ca05430f9e932f3dce4b73b72292f72b8e4597c245fe9c1ab978b1f
-
Size
256KB
-
MD5
fc9ededea3b450a35a5fd1fca43f9217
-
SHA1
fd15ce4db71b2e8911c28793ddb7fef0755c120e
-
SHA256
f94efa763ca05430f9e932f3dce4b73b72292f72b8e4597c245fe9c1ab978b1f
-
SHA512
c2beb6960c34d7d78c1c194d58d8c0f7d1b73ccd3e005b9a64faaac14029fcbb14701c091ab314c17fdf0d18c40aecef67e55f08c4abaff6b6e243afef7ed4a6
-
SSDEEP
3072:2CaG0lvxLVGLcC6PmTjVxABG2HW4a1vqcxgEE0xrrCCZ2QnGUMep1mX0to38wqjA:dx0f5pLW4a1ycxgEE0lb4PepIktoOip
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5