General
-
Target
2024-05-17_d70e659dd78ddf8d41911eb048cd5d37_magniber
-
Size
2.3MB
-
Sample
240517-lgnl2aca99
-
MD5
d70e659dd78ddf8d41911eb048cd5d37
-
SHA1
aea07fca81ad6f441e8e4e7060a37f22b27ea90e
-
SHA256
d01be4cde48dbc8fa7f93688aa748ecd918462367e2603215a97dca35e5f826e
-
SHA512
d86360b8e87ca46e495c2845ffaa2cec342ef219de74e6d68e24f55893d6b1cd79052c2220aabda3a0a8b11eb8d99d5ff08d2544e84d986106e11e04ede6d781
-
SSDEEP
49152:YBWin/JuMr4kThw18ErALL01cNRTNGaUt9wiaXOsWf85PHnzHZ:rin/JuMc8ErEL01cUjwd1
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2024-05-17_d70e659dd78ddf8d41911eb048cd5d37_magniber
-
Size
2.3MB
-
MD5
d70e659dd78ddf8d41911eb048cd5d37
-
SHA1
aea07fca81ad6f441e8e4e7060a37f22b27ea90e
-
SHA256
d01be4cde48dbc8fa7f93688aa748ecd918462367e2603215a97dca35e5f826e
-
SHA512
d86360b8e87ca46e495c2845ffaa2cec342ef219de74e6d68e24f55893d6b1cd79052c2220aabda3a0a8b11eb8d99d5ff08d2544e84d986106e11e04ede6d781
-
SSDEEP
49152:YBWin/JuMr4kThw18ErALL01cNRTNGaUt9wiaXOsWf85PHnzHZ:rin/JuMc8ErEL01cUjwd1
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1