General
-
Target
0119edc4123b1b68c8c4a0c04e5468e95377ad200c594160a2c6abd3814c0299.exe
-
Size
120KB
-
Sample
240520-yx2j2sfc53
-
MD5
e22aa94b66415e28ab49b2f6c74a84a0
-
SHA1
0aa66de62267175fd2420de595ec57126a244120
-
SHA256
0119edc4123b1b68c8c4a0c04e5468e95377ad200c594160a2c6abd3814c0299
-
SHA512
e05385d82a243e3ad850613e72a9c6f307000186b2946ff95b12e70a9763294db6a89671b98bfd9badb4ae75295ce09fa18115782545c117dad52027475c8228
-
SSDEEP
1536:doCVj26w8QBel86/YxjMCkpdupT3+M3qSMzJARCn0lE4nKJCWqYUvOiaQx4NigQK:doUQU++YxjGwZuJARuK/nKJYYUd74rb
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
0119edc4123b1b68c8c4a0c04e5468e95377ad200c594160a2c6abd3814c0299.exe
-
Size
120KB
-
MD5
e22aa94b66415e28ab49b2f6c74a84a0
-
SHA1
0aa66de62267175fd2420de595ec57126a244120
-
SHA256
0119edc4123b1b68c8c4a0c04e5468e95377ad200c594160a2c6abd3814c0299
-
SHA512
e05385d82a243e3ad850613e72a9c6f307000186b2946ff95b12e70a9763294db6a89671b98bfd9badb4ae75295ce09fa18115782545c117dad52027475c8228
-
SSDEEP
1536:doCVj26w8QBel86/YxjMCkpdupT3+M3qSMzJARCn0lE4nKJCWqYUvOiaQx4NigQK:doUQU++YxjGwZuJARuK/nKJYYUd74rb
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3