General
-
Target
2024-05-28_6971cac8fde889e60db80b3fd1459bd4_icedid
-
Size
540KB
-
Sample
240528-nn7plaac56
-
MD5
6971cac8fde889e60db80b3fd1459bd4
-
SHA1
59a4c8c7aca06a36bc604adf34fb5c68b31d6380
-
SHA256
2ade203955609ce4677c0489f752de231b3602f5d237c4bcf67474af90f0f58f
-
SHA512
710a6196d39ebc7eb948ac56491468c371ce034d2d53f03d3ce04450abeee0aaa6b2b5446f1824c604c131afc169b4268d8a7bc31f355d3703df4d0dec78ed4c
-
SSDEEP
12288:sRil+i/ORc/mKw/RZAfwgm1lJq/CnU4vGr69rlzh2:5b/ORcG4w7bqan5eylz0
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
2024-05-28_6971cac8fde889e60db80b3fd1459bd4_icedid
-
Size
540KB
-
MD5
6971cac8fde889e60db80b3fd1459bd4
-
SHA1
59a4c8c7aca06a36bc604adf34fb5c68b31d6380
-
SHA256
2ade203955609ce4677c0489f752de231b3602f5d237c4bcf67474af90f0f58f
-
SHA512
710a6196d39ebc7eb948ac56491468c371ce034d2d53f03d3ce04450abeee0aaa6b2b5446f1824c604c131afc169b4268d8a7bc31f355d3703df4d0dec78ed4c
-
SSDEEP
12288:sRil+i/ORc/mKw/RZAfwgm1lJq/CnU4vGr69rlzh2:5b/ORcG4w7bqan5eylz0
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1