General
-
Target
c15d052d14f86e0a1dfe2ca42d683e263249f9769be3d6fef7623ab41ceb4908
-
Size
120KB
-
Sample
240529-cda24aeg53
-
MD5
e09c66983d05f9d460fd5a9a32e19912
-
SHA1
5043ed21fce7db57ed056deaa26d8443fb75ab13
-
SHA256
c15d052d14f86e0a1dfe2ca42d683e263249f9769be3d6fef7623ab41ceb4908
-
SHA512
4f7b6b184b60f48ee215b338153ad26d4ad4363f5e82167e94eee39e7e855c36065620e3fe141a4202e9e7030f625005597140bfbd43df32efab269314a57029
-
SSDEEP
3072:7c36f6pGHKHiUvhqilrx72+cI562WAgl:Y36ypGHlUvBlrn55a
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
c15d052d14f86e0a1dfe2ca42d683e263249f9769be3d6fef7623ab41ceb4908
-
Size
120KB
-
MD5
e09c66983d05f9d460fd5a9a32e19912
-
SHA1
5043ed21fce7db57ed056deaa26d8443fb75ab13
-
SHA256
c15d052d14f86e0a1dfe2ca42d683e263249f9769be3d6fef7623ab41ceb4908
-
SHA512
4f7b6b184b60f48ee215b338153ad26d4ad4363f5e82167e94eee39e7e855c36065620e3fe141a4202e9e7030f625005597140bfbd43df32efab269314a57029
-
SSDEEP
3072:7c36f6pGHKHiUvhqilrx72+cI562WAgl:Y36ypGHlUvBlrn55a
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5