General
-
Target
037e260529f3afcc62281fde4bcd3c5becb7008ae66689bc264bdff9682cc98d
-
Size
4.3MB
-
Sample
240609-f7lx8seb9y
-
MD5
5690d9bab45503fd8ba4ea16c39b80fe
-
SHA1
fe5527904e35aa76ab8eaf120354718f47820456
-
SHA256
037e260529f3afcc62281fde4bcd3c5becb7008ae66689bc264bdff9682cc98d
-
SHA512
03eb0e9546ade2a8e063ef2b5290b42ef16e735ed870c57f0fb2f03056f73e8341ed7f80ce5b46be76ebdec113c71aa5bc3723e86552f88ef746491d3913ceee
-
SSDEEP
98304:UfCjKYWpcq8wP4LPtHa3iWQDxUEL/e69L3HclEKpm67Nrplt1CFFrOG:iwK9cq863ixt3HclEKpmc9Cfj
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
037e260529f3afcc62281fde4bcd3c5becb7008ae66689bc264bdff9682cc98d
-
Size
4.3MB
-
MD5
5690d9bab45503fd8ba4ea16c39b80fe
-
SHA1
fe5527904e35aa76ab8eaf120354718f47820456
-
SHA256
037e260529f3afcc62281fde4bcd3c5becb7008ae66689bc264bdff9682cc98d
-
SHA512
03eb0e9546ade2a8e063ef2b5290b42ef16e735ed870c57f0fb2f03056f73e8341ed7f80ce5b46be76ebdec113c71aa5bc3723e86552f88ef746491d3913ceee
-
SSDEEP
98304:UfCjKYWpcq8wP4LPtHa3iWQDxUEL/e69L3HclEKpm67Nrplt1CFFrOG:iwK9cq863ixt3HclEKpmc9Cfj
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1