General
-
Target
db60cec98bc300e956e1247febe8635b1b9b1ef186a3da2c73527f2ec14a7f1c
-
Size
124KB
-
Sample
240609-d18sbada2z
-
MD5
b32f165431529e97f3da577cb2dc69ad
-
SHA1
91c5d2c70db3a482119dc1ec8a36a5d7bfec8550
-
SHA256
db60cec98bc300e956e1247febe8635b1b9b1ef186a3da2c73527f2ec14a7f1c
-
SHA512
6cd871dbeb29d6cc2d1fcf9816492a791b63fe144ee308984a200ff662155a4c4cc0f8bb1987e8f1e6fbd4345c982adaea0c80a32984e0b716d088bf102c0411
-
SSDEEP
3072:cMxftffjmNfZM9+L/7MjKk8QAP+QxbZyRO68kYNt4O77Y:ZVfjmNfK9+Tk8u8bZIukHO77Y
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
db60cec98bc300e956e1247febe8635b1b9b1ef186a3da2c73527f2ec14a7f1c
-
Size
124KB
-
MD5
b32f165431529e97f3da577cb2dc69ad
-
SHA1
91c5d2c70db3a482119dc1ec8a36a5d7bfec8550
-
SHA256
db60cec98bc300e956e1247febe8635b1b9b1ef186a3da2c73527f2ec14a7f1c
-
SHA512
6cd871dbeb29d6cc2d1fcf9816492a791b63fe144ee308984a200ff662155a4c4cc0f8bb1987e8f1e6fbd4345c982adaea0c80a32984e0b716d088bf102c0411
-
SSDEEP
3072:cMxftffjmNfZM9+L/7MjKk8QAP+QxbZyRO68kYNt4O77Y:ZVfjmNfK9+Tk8u8bZIukHO77Y
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1