General
-
Target
1e8a83093f635a417439d907b6a95a6b8ed34eecdd4b0e09cb6e04fe20278049
-
Size
276KB
-
Sample
240519-wxk6ysba88
-
MD5
82cd5b03e8567da6dde4aab0ab031e6f
-
SHA1
395f2cb21614a2beccda8ef485774ef848728da8
-
SHA256
1e8a83093f635a417439d907b6a95a6b8ed34eecdd4b0e09cb6e04fe20278049
-
SHA512
b08fae4ed49e998e224dd8084cebe3eeb774c9e5d55d35da37462f200b51f00a21776ad6dfcee2bef5f70c56fa3aef7e66cd65823c37e95752dc61814c9d7e75
-
SSDEEP
3072:BHe+aX3tM6gT9o2MK52DRkBUiXxBHkjh5c5Tuh310dIajugrxMs3fGBj:8+aX3u6gT9o2LGOUixdkjhUqcIuFn3M
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
1e8a83093f635a417439d907b6a95a6b8ed34eecdd4b0e09cb6e04fe20278049
-
Size
276KB
-
MD5
82cd5b03e8567da6dde4aab0ab031e6f
-
SHA1
395f2cb21614a2beccda8ef485774ef848728da8
-
SHA256
1e8a83093f635a417439d907b6a95a6b8ed34eecdd4b0e09cb6e04fe20278049
-
SHA512
b08fae4ed49e998e224dd8084cebe3eeb774c9e5d55d35da37462f200b51f00a21776ad6dfcee2bef5f70c56fa3aef7e66cd65823c37e95752dc61814c9d7e75
-
SSDEEP
3072:BHe+aX3tM6gT9o2MK52DRkBUiXxBHkjh5c5Tuh310dIajugrxMs3fGBj:8+aX3u6gT9o2LGOUixdkjhUqcIuFn3M
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1