General
-
Target
58b1fd96bd360ac90303df8a7fda32f79a090ea793c4b293ab783daefa7ef01c
-
Size
200KB
-
Sample
240516-xts8tsbg45
-
MD5
16e54a1f36a3f5b20b130a275a4bd760
-
SHA1
c09ae868ef842577400da756e7d5ef9a69059535
-
SHA256
58b1fd96bd360ac90303df8a7fda32f79a090ea793c4b293ab783daefa7ef01c
-
SHA512
2e6925370ce57059dc0054e9c33ff6f5d442517234b4b35c706725d6f9df70832f8b68639838b1d44ee386ef8a5eaa3eb431bd989104684b95cdc3f16761396d
-
SSDEEP
3072:a6p7yhovwPDrOJmco53xmIsXUN/a4Mp2Lg6PyjFOpRk:a6sPDKJTSNCULbPyIp2
Static task
static1
Behavioral task
behavioral1
Sample
58b1fd96bd360ac90303df8a7fda32f79a090ea793c4b293ab783daefa7ef01c.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
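The extracted config above is only useful once it is turned into something that can be matched against telemetry. The following script is an added example (not part of the sandbox report or of any vendor tooling): it takes the four C2 URLs and the sample hashes listed on this page, matches proxy log lines on the hostname rather than the full URL, and verifies a file against the reported hash set. The Squid-style log lines are constructed for the demo, and the `kukutrustnet\d{3}.info` pattern used to catch sibling domains is an assumption made here, not something the report states.

```python
"""IOC matcher built from the Sality config in this report (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied verbatim from the report's Malware Config section.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
SAMPLE_HASHES = {
    "md5": "16e54a1f36a3f5b20b130a275a4bd760",
    "sha1": "c09ae868ef842577400da756e7d5ef9a69059535",
    "sha256": "58b1fd96bd360ac90303df8a7fda32f79a090ea793c4b293ab783daefa7ef01c",
}

# ASSUMPTION for this example: sibling domains follow the same naming scheme.
KUKUTRUSTNET_RE = re.compile(r"^kukutrustnet\d{3}\.info$", re.IGNORECASE)

# Squid native access log: ts elapsed client code/status bytes method url ...
SQUID_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def c2_hosts(urls=C2_URLS):
    """Hostnames/IPs from the config URLs. Match on host, not full URL:
    the path and file name in the config can change between peers."""
    return {urlparse(u).hostname for u in urls}


def host_matches(host, exact=None):
    """Return 'exact' for a configured host, 'pattern' for a sibling domain,
    or None."""
    exact = c2_hosts() if exact is None else exact
    host = host.lower().rstrip(".")
    if host in exact:
        return "exact"
    if KUKUTRUSTNET_RE.match(host):
        return "pattern"
    return None


def scan_proxy_log(lines):
    """Return (client, url, kind) for each line whose host is a Sality indicator."""
    hits = []
    for line in lines:
        m = SQUID_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        host = urlparse(m.group("url")).hostname
        if not host:
            continue
        kind = host_matches(host)
        if kind:
            hits.append((m.group("client"), m.group("url"), kind))
    return hits


def file_hashes(data):
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data, known=SAMPLE_HASHES):
    """True only if every reported hash agrees. Sality is a file infector,
    so an infected copy of another binary will never hash-match; use the
    network indicators for those."""
    h = file_hashes(data)
    return all(h[k] == v for k, v in known.items())


# Constructed log lines for the demo (not taken from the report).
SAMPLE_LOG = [
    "1715860001.123    120 10.0.0.5 TCP_MISS/200 512 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/1.2.3.4 image/gif",
    "1715860002.456     80 10.0.0.7 TCP_MISS/200 1024 GET http://www.example.com/index.html - HIER_DIRECT/5.6.7.8 text/html",
    "1715860003.789    200 10.0.0.5 TCP_MISS/404 300 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
    "1715860004.000    150 10.0.0.9 TCP_MISS/200 512 GET http://KUKUTRUSTNET123.INFO/other.gif - HIER_DIRECT/9.9.9.9 image/gif",
]

if __name__ == "__main__":
    for client, url, kind in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {url} [{kind}]")
    print("constructed bytes match reported sample:", matches_sample(b"not the sample"))
```

Feed it a real proxy export in place of `SAMPLE_LOG`; the host-level match is what makes the URL indicators survive a changed path or file name, while the hash check is only meaningful for an identical copy of this exact dropper.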
Targets
-
Target
58b1fd96bd360ac90303df8a7fda32f79a090ea793c4b293ab783daefa7ef01c
-
Size
200KB
-
MD5
16e54a1f36a3f5b20b130a275a4bd760
-
SHA1
c09ae868ef842577400da756e7d5ef9a69059535
-
SHA256
58b1fd96bd360ac90303df8a7fda32f79a090ea793c4b293ab783daefa7ef01c
-
SHA512
2e6925370ce57059dc0054e9c33ff6f5d442517234b4b35c706725d6f9df70832f8b68639838b1d44ee386ef8a5eaa3eb431bd989104684b95cdc3f16761396d
-
SSDEEP
3072:a6p7yhovwPDrOJmco53xmIsXUN/a4Mp2Lg6PyjFOpRk:a6sPDKJTSNCULbPyIp2
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15 (number after each entry is the count of matched behaviours)
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
- Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
- Windows Service (T1543.003): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
- Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 3
- Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5