General
-
Target
38fce820cc20e64caf124779769de1a6bec6396c43dbecd1a805390be92c8804
-
Size
4.8MB
-
Sample
240609-f71fmaec2z
-
MD5
7755d1a49a13bbab354a30b48ac17239
-
SHA1
cf865105ffbef818af61b29066af7132d5469541
-
SHA256
38fce820cc20e64caf124779769de1a6bec6396c43dbecd1a805390be92c8804
-
SHA512
39c838bd71459057ce29c8f01da8e9da40ccac9ffdc50fe81d3ce3bf5a3fb1e04b46d7a80282769e62669c168276c2fce2db7b4058aa7e3eb255a7133ecdafd0
-
SSDEEP
98304:ewedDyp8dAIhJfNsYuqW27pc/wwA2wYAkjqdsCAMiid/fnmouRm8E5zeJ6isPNQv:BespMbhJfyhqW27pV2LHqdsCA+d//msC
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
38fce820cc20e64caf124779769de1a6bec6396c43dbecd1a805390be92c8804
-
Size
4.8MB
-
MD5
7755d1a49a13bbab354a30b48ac17239
-
SHA1
cf865105ffbef818af61b29066af7132d5469541
-
SHA256
38fce820cc20e64caf124779769de1a6bec6396c43dbecd1a805390be92c8804
-
SHA512
39c838bd71459057ce29c8f01da8e9da40ccac9ffdc50fe81d3ce3bf5a3fb1e04b46d7a80282769e62669c168276c2fce2db7b4058aa7e3eb255a7133ecdafd0
-
SSDEEP
98304:ewedDyp8dAIhJfNsYuqW27pc/wwA2wYAkjqdsCAMiid/fnmouRm8E5zeJ6isPNQv:BespMbhJfyhqW27pV2LHqdsCA+d//msC
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1