General
-
Target
a675c514af206517ffb2e3943cc7289d14c3df0d100977b01f5a3be591f9ffd1
-
Size
120KB
-
Sample
240517-cv27xadb2y
-
MD5
d84401ad8e341d8e75a86cc80cdfaa7d
-
SHA1
c3a24e62dd5e72d4ea8ad657df74a145abe8cc91
-
SHA256
a675c514af206517ffb2e3943cc7289d14c3df0d100977b01f5a3be591f9ffd1
-
SHA512
fc3776231392a43156b0cf84a4dd4798786feb328b9ef4fc8069214c56e9608a77ba22431ea22c94a2c0eb664de19396fe3553d497c8f0ca5ee69bcc80ca45e9
-
SSDEEP
3072:uKTu747mBscgnf8DaufSsD0NA/R4kUaRWz/FW:hWEl3AaWwNRks/o
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
a675c514af206517ffb2e3943cc7289d14c3df0d100977b01f5a3be591f9ffd1
-
Size
120KB
-
MD5
d84401ad8e341d8e75a86cc80cdfaa7d
-
SHA1
c3a24e62dd5e72d4ea8ad657df74a145abe8cc91
-
SHA256
a675c514af206517ffb2e3943cc7289d14c3df0d100977b01f5a3be591f9ffd1
-
SHA512
fc3776231392a43156b0cf84a4dd4798786feb328b9ef4fc8069214c56e9608a77ba22431ea22c94a2c0eb664de19396fe3553d497c8f0ca5ee69bcc80ca45e9
-
SSDEEP
3072:uKTu747mBscgnf8DaufSsD0NA/R4kUaRWz/FW:hWEl3AaWwNRks/o
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3