General
-
Target
683420e314da26d37051749b2d80f40e4e3a4e79e228dc7481613160fcc1eee0
-
Size
2.1MB
-
Sample
240611-cy8h4a1gpq
-
MD5
a9cbf289e4e4e8508bf3c78ef45c4617
-
SHA1
7b1422713332dbc8c170f5d9b0b423f698e1c0ba
-
SHA256
683420e314da26d37051749b2d80f40e4e3a4e79e228dc7481613160fcc1eee0
-
SHA512
e76300b019b8d154c6e22a77a72993cac63d732607f067f32e456364f93b1fd718e5541c09e1cf349441e5a7a0c3e52497f3ee66b5512e40bc69b7e1e53fd044
-
SSDEEP
49152:dfNw9MpthQ+zJScahJZZWLX54uPYt2mZNNhAzpPS7NrXOPR9ipTQ8:dfBjQ+lScyJZEuuwtNNt7NrX
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
683420e314da26d37051749b2d80f40e4e3a4e79e228dc7481613160fcc1eee0
-
Size
2.1MB
-
MD5
a9cbf289e4e4e8508bf3c78ef45c4617
-
SHA1
7b1422713332dbc8c170f5d9b0b423f698e1c0ba
-
SHA256
683420e314da26d37051749b2d80f40e4e3a4e79e228dc7481613160fcc1eee0
-
SHA512
e76300b019b8d154c6e22a77a72993cac63d732607f067f32e456364f93b1fd718e5541c09e1cf349441e5a7a0c3e52497f3ee66b5512e40bc69b7e1e53fd044
-
SSDEEP
49152:dfNw9MpthQ+zJScahJZZWLX54uPYt2mZNNhAzpPS7NrXOPR9ipTQ8:dfBjQ+lScyJZEuuwtNNt7NrX
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1