General
-
Target
bf6f2d23a172676f8ba1b77b10896440a5997eefbcb05a6fad43c3cd2399e01b
-
Size
65KB
-
Sample
240517-d5n9gafe3t
-
MD5
8fe9e72c5ca68f0a3cbb5d218ec72506
-
SHA1
754dce051d9a1dc557b7e66e3bb8af7815f7de69
-
SHA256
bf6f2d23a172676f8ba1b77b10896440a5997eefbcb05a6fad43c3cd2399e01b
-
SHA512
f42dc33c57f6b71d8f99c681d4f907f1f63ca4f4a42ec759378b1b90d3f135bb17bf00adfb6ac274d86738a04a33c6de43dfffc8957b83183577418212bee3f0
-
SSDEEP
1536:DceB0rQrZJQt/DxlGdyMX5PgNz5ojR6Zyj+oH4Hd+oDaBdJYEB:DPB0krctrXxKPgRE+oHeMoi2Y
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
bf6f2d23a172676f8ba1b77b10896440a5997eefbcb05a6fad43c3cd2399e01b
-
Size
65KB
-
MD5
8fe9e72c5ca68f0a3cbb5d218ec72506
-
SHA1
754dce051d9a1dc557b7e66e3bb8af7815f7de69
-
SHA256
bf6f2d23a172676f8ba1b77b10896440a5997eefbcb05a6fad43c3cd2399e01b
-
SHA512
f42dc33c57f6b71d8f99c681d4f907f1f63ca4f4a42ec759378b1b90d3f135bb17bf00adfb6ac274d86738a04a33c6de43dfffc8957b83183577418212bee3f0
-
SSDEEP
1536:DceB0rQrZJQt/DxlGdyMX5PgNz5ojR6Zyj+oH4Hd+oDaBdJYEB:DPB0krctrXxKPgRE+oHeMoi2Y
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3