General
-
Target
3ceeb198d978a14e828ec4fe8717c326ab24007e922604d10e5baaa2eeb44bd6
-
Size
1.7MB
-
Sample
240521-asg3vacc58
-
MD5
2d57da77a6b8752b86501e56e2c84a1c
-
SHA1
8936031660bf2e20c99ce2e2f0d26976cea4c9bc
-
SHA256
3ceeb198d978a14e828ec4fe8717c326ab24007e922604d10e5baaa2eeb44bd6
-
SHA512
81d9e4eac849764266ccded80c43132ed2079f72daecff764ee3202122ffa003b8727822c041cc593123bac7dd9ccd7de313828be623d55af30c529589d73040
-
SSDEEP
24576:ZpYtRa6dr8+vy6mKTcq8mHVgsctvq57VNYCuO2:ZpvGDvcKTWFq57VN/uO
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
3ceeb198d978a14e828ec4fe8717c326ab24007e922604d10e5baaa2eeb44bd6
-
Size
1.7MB
-
MD5
2d57da77a6b8752b86501e56e2c84a1c
-
SHA1
8936031660bf2e20c99ce2e2f0d26976cea4c9bc
-
SHA256
3ceeb198d978a14e828ec4fe8717c326ab24007e922604d10e5baaa2eeb44bd6
-
SHA512
81d9e4eac849764266ccded80c43132ed2079f72daecff764ee3202122ffa003b8727822c041cc593123bac7dd9ccd7de313828be623d55af30c529589d73040
-
SSDEEP
24576:ZpYtRa6dr8+vy6mKTcq8mHVgsctvq57VNYCuO2:ZpvGDvcKTWFq57VN/uO
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3