General
-
Target
0507872e031c245ec65195dea3229470.exe.bin.exe
-
Size
120KB
-
Sample
240518-l9ympsef9z
-
MD5
0507872e031c245ec65195dea3229470
-
SHA1
9bfc75c73b52142c1d2db8c7dc7d2b25a67b44c2
-
SHA256
8eab44941d3be506e2149d30d4817bf6874791ab01a6a743f579a88b0af373e7
-
SHA512
646894012737faae1e1afd75d7a0c7cfb3d683c27e36c127495b53ff9ee3227c6f5dab1e265132ebbb9dd0b03e003d4e49b405269da7870f7f75827840e8fca1
-
SSDEEP
1536:2/bqK7nO3SMcJMkC3DNUXbU2uUkBUCNyaZmPs7SNyVAUk/zqTRjJvwrO5/wM/beJ:2zf7KMMR354JmxqRUDv6u/w6beF
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
0507872e031c245ec65195dea3229470.exe.bin.exe
-
Size
120KB
-
MD5
0507872e031c245ec65195dea3229470
-
SHA1
9bfc75c73b52142c1d2db8c7dc7d2b25a67b44c2
-
SHA256
8eab44941d3be506e2149d30d4817bf6874791ab01a6a743f579a88b0af373e7
-
SHA512
646894012737faae1e1afd75d7a0c7cfb3d683c27e36c127495b53ff9ee3227c6f5dab1e265132ebbb9dd0b03e003d4e49b405269da7870f7f75827840e8fca1
-
SSDEEP
1536:2/bqK7nO3SMcJMkC3DNUXbU2uUkBUCNyaZmPs7SNyVAUk/zqTRjJvwrO5/wM/beJ:2zf7KMMR354JmxqRUDv6u/w6beF
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3