General
-
Target
8015448f9c0edb9aa349c6de1cf14bed1c6bb26494f8cafb1828c05db61c1758.exe
-
Size
3.7MB
-
Sample
240519-mtwnvaef24
-
MD5
84094a0017926bd27868318aa7356bbd
-
SHA1
ed998edc125fbd4280fb1035410d5c26c68fad85
-
SHA256
8015448f9c0edb9aa349c6de1cf14bed1c6bb26494f8cafb1828c05db61c1758
-
SHA512
15ba2ddc19ca37cc9fe599f41d3cd6b3466c4f07a71cdb49fad554343e4c2f8addb2bfdc20592563a3e9a83373fc519cff4fd57154bceae6cc342b262a901552
-
SSDEEP
98304:/LkCqK9jITuvn4LNfsWVV0FLOAkGkzdnEVomFHKnPw:DkCqM5APV0FLOyomFHKnPw
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
8015448f9c0edb9aa349c6de1cf14bed1c6bb26494f8cafb1828c05db61c1758.exe
-
Size
3.7MB
-
MD5
84094a0017926bd27868318aa7356bbd
-
SHA1
ed998edc125fbd4280fb1035410d5c26c68fad85
-
SHA256
8015448f9c0edb9aa349c6de1cf14bed1c6bb26494f8cafb1828c05db61c1758
-
SHA512
15ba2ddc19ca37cc9fe599f41d3cd6b3466c4f07a71cdb49fad554343e4c2f8addb2bfdc20592563a3e9a83373fc519cff4fd57154bceae6cc342b262a901552
-
SSDEEP
98304:/LkCqK9jITuvn4LNfsWVV0FLOAkGkzdnEVomFHKnPw:DkCqM5APV0FLOyomFHKnPw
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1