General
-
Target
ce894bb68665bf2823fbe794118d37c31660bc6cd107c6b01f5b9d3715a88874
-
Size
128KB
-
Sample
240517-k9ghrabe85
-
MD5
3da6f4865c5eca73946f8b0d6b709bab
-
SHA1
5819c8399b00210e25a8c1530b94abe35de490e3
-
SHA256
ce894bb68665bf2823fbe794118d37c31660bc6cd107c6b01f5b9d3715a88874
-
SHA512
9b1e1f3b0351b3b6d780d239447147d7768f16079e7938f7a5f9cc094f498521fa1f31341ab19c2907bf01093ec255ad78405751f78773cfb041d48f61aceb06
-
SSDEEP
3072:oftffjmNW+vl1Y9zk7CfvOSOMYz93MgCzhariL5SXS5Us6:4VfjmNWQM33OFzRM7tar5s6
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
ce894bb68665bf2823fbe794118d37c31660bc6cd107c6b01f5b9d3715a88874
-
Size
128KB
-
MD5
3da6f4865c5eca73946f8b0d6b709bab
-
SHA1
5819c8399b00210e25a8c1530b94abe35de490e3
-
SHA256
ce894bb68665bf2823fbe794118d37c31660bc6cd107c6b01f5b9d3715a88874
-
SHA512
9b1e1f3b0351b3b6d780d239447147d7768f16079e7938f7a5f9cc094f498521fa1f31341ab19c2907bf01093ec255ad78405751f78773cfb041d48f61aceb06
-
SSDEEP
3072:oftffjmNW+vl1Y9zk7CfvOSOMYz93MgCzhariL5SXS5Us6:4VfjmNWQM33OFzRM7tar5s6
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1