General
-
Target
193301eec463f64548f026797bb52b348a16d029a01adb30760febffe1d80f57
-
Size
2.5MB
-
Sample
240528-aa2drsgb44
-
MD5
ee8249bab7af7605b202fabe9bdac646
-
SHA1
9e7715c26743a813056a0dc38e92d9bebbe375d4
-
SHA256
193301eec463f64548f026797bb52b348a16d029a01adb30760febffe1d80f57
-
SHA512
b4b7a9237132d951e8d1c9b90df210a1ace4700903ca07c6023168cc6c3d4dec728f750a5f8b65cdd719d58aca7b693f73faf097195906f35dd96e0c145a3a0e
-
SSDEEP
49152:3reCWbYLlfeh+30Xl2f80HA5dxF7LlYMCSRkkd7fscIUm0TkylXiljBsuG:bFCYIk25dxF7LzCQd7fscIUmG0o
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
193301eec463f64548f026797bb52b348a16d029a01adb30760febffe1d80f57
-
Size
2.5MB
-
MD5
ee8249bab7af7605b202fabe9bdac646
-
SHA1
9e7715c26743a813056a0dc38e92d9bebbe375d4
-
SHA256
193301eec463f64548f026797bb52b348a16d029a01adb30760febffe1d80f57
-
SHA512
b4b7a9237132d951e8d1c9b90df210a1ace4700903ca07c6023168cc6c3d4dec728f750a5f8b65cdd719d58aca7b693f73faf097195906f35dd96e0c145a3a0e
-
SSDEEP
49152:3reCWbYLlfeh+30Xl2f80HA5dxF7LlYMCSRkkd7fscIUm0TkylXiljBsuG:bFCYIk25dxF7LzCQd7fscIUmG0o
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1