General
- Target: 2f64398bee85e7f3694b56bd71079f626dcd4a68458652e88bbdcf3817f7482e
- Size: 65KB
- Sample: 240611-yz1qjazfjb
- MD5: 0b2279d434695303cbc06f8cdff58d59
- SHA1: 8ba06276a2598d215fe3e0d7152dbca785dbec58
- SHA256: 2f64398bee85e7f3694b56bd71079f626dcd4a68458652e88bbdcf3817f7482e
- SHA512: 0c1ea8ffc93b1d4f697f37dd8a34abcaae036d504935a7a0087595b1e3319dabcabdbb2718fc95fa8908245db1650ab08113c25542b11db5e311f0152ba14a0e
- SSDEEP: 1536:DRyoTKpJPqyffg1xkYtN+cWEZJW16zIDfOKgguKXs/:1TQJ3GxbNXWE7Ww9G8
Static task: static1
Behavioral task: behavioral1
Sample: 2f64398bee85e7f3694b56bd71079f626dcd4a68458652e88bbdcf3817f7482e.exe
Resource: win7-20240508-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 2f64398bee85e7f3694b56bd71079f626dcd4a68458652e88bbdcf3817f7482e
- Size: 65KB
- MD5: 0b2279d434695303cbc06f8cdff58d59
- SHA1: 8ba06276a2598d215fe3e0d7152dbca785dbec58
- SHA256: 2f64398bee85e7f3694b56bd71079f626dcd4a68458652e88bbdcf3817f7482e
- SHA512: 0c1ea8ffc93b1d4f697f37dd8a34abcaae036d504935a7a0087595b1e3319dabcabdbb2718fc95fa8908245db1650ab08113c25542b11db5e311f0152ba14a0e
- SSDEEP: 1536:DRyoTKpJPqyffg1xkYtN+cWEZJW16zIDfOKgguKXs/:1TQJ3GxbNXWE7Ww9G8
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)