General
-
Target
eda1c0b605038654023f73f0956f3790.exe.bin.exe
-
Size
384KB
-
Sample
240518-t4cr2sch46
-
MD5
eda1c0b605038654023f73f0956f3790
-
SHA1
3a8034cc8e59abe1932ec8a8ff327ac27113f649
-
SHA256
9a79d7d966b8c7ad7e3c3dd8303a821197ddee0ee8b481e0461e72370721f7c0
-
SHA512
9bcaaf53f8c4dec3cd58e0f9b4098178684b6a7bf50e4c67dd6bf8462f840a746585f1eb0ad01e3df51d79523fcd308cd4b0ffea3576824a3bcc645bcb3f951b
-
SSDEEP
6144:dcLYfNP/QZmz33CuOgaYpHVb234vVbgOOUWEPdCQQed7UhDfao8:Z9r3CuOgaY9ViovVbgOUEPFQeuS
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
eda1c0b605038654023f73f0956f3790.exe.bin.exe
-
Size
384KB
-
MD5
eda1c0b605038654023f73f0956f3790
-
SHA1
3a8034cc8e59abe1932ec8a8ff327ac27113f649
-
SHA256
9a79d7d966b8c7ad7e3c3dd8303a821197ddee0ee8b481e0461e72370721f7c0
-
SHA512
9bcaaf53f8c4dec3cd58e0f9b4098178684b6a7bf50e4c67dd6bf8462f840a746585f1eb0ad01e3df51d79523fcd308cd4b0ffea3576824a3bcc645bcb3f951b
-
SSDEEP
6144:dcLYfNP/QZmz33CuOgaYpHVb234vVbgOOUWEPdCQQed7UhDfao8:Z9r3CuOgaY9ViovVbgOUEPFQeuS
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1