General
-
Target
2010a2b884501d8364492c3a6a1c693ca894840f9bc59ddc5b6fb2fba78151ce
-
Size
65KB
-
Sample
240519-x7j73seb3x
-
MD5
82aefb91c5fb0d132ead46b0768434e3
-
SHA1
5f12fca5b07fb29f82a0c0f04ea9faca8498a366
-
SHA256
2010a2b884501d8364492c3a6a1c693ca894840f9bc59ddc5b6fb2fba78151ce
-
SHA512
c06721a2f5b1eaf7b59e3a976abfdea055516f8ee35fe23bad58d2e9e6b4cfec172a1dae754772c2f7bd1b05d012c4069a60fdc01f8cba4f378f6b89c05a29e1
-
SSDEEP
1536:JakDBRnVcceloa2jU5m/N6qyNTy7gcxi1:HBVVbeqU5s6FT1R
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2010a2b884501d8364492c3a6a1c693ca894840f9bc59ddc5b6fb2fba78151ce
-
Size
65KB
-
MD5
82aefb91c5fb0d132ead46b0768434e3
-
SHA1
5f12fca5b07fb29f82a0c0f04ea9faca8498a366
-
SHA256
2010a2b884501d8364492c3a6a1c693ca894840f9bc59ddc5b6fb2fba78151ce
-
SHA512
c06721a2f5b1eaf7b59e3a976abfdea055516f8ee35fe23bad58d2e9e6b4cfec172a1dae754772c2f7bd1b05d012c4069a60fdc01f8cba4f378f6b89c05a29e1
-
SSDEEP
1536:JakDBRnVcceloa2jU5m/N6qyNTy7gcxi1:HBVVbeqU5s6FT1R
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3