General
-
Target
d52a7253dbb174dda4624bb9799e0b924d2e7e29978a4def4a63bfdc6b65c677
-
Size
199KB
-
Sample
240722-rh17ea1erg
-
MD5
c88b55e1f3bf357bb125379498c1cec7
-
SHA1
5b10a0f7503e5a3efb5938dcf731a8b434cc1533
-
SHA256
d52a7253dbb174dda4624bb9799e0b924d2e7e29978a4def4a63bfdc6b65c677
-
SHA512
d7e3d8226675eb6515cf455ce71b40c4f05f6b59f8b8311c0d938ea5dab408eec3a905e9ffe689f79234f906288557f83ab15f903c7a448807df261e709eb8ee
-
SSDEEP
3072:zW6JOF4OrLZ3zVVN+7ApBP7cMs07VeXf+vEv4mEbWoZYXr:zW6JOtrLZ3HMApBP7cp8VeP+vWjEbT0
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
http://klkjwre77638dfqwieuoi888.info/
Targets
-
-
Target
d52a7253dbb174dda4624bb9799e0b924d2e7e29978a4def4a63bfdc6b65c677
-
Size
199KB
-
MD5
c88b55e1f3bf357bb125379498c1cec7
-
SHA1
5b10a0f7503e5a3efb5938dcf731a8b434cc1533
-
SHA256
d52a7253dbb174dda4624bb9799e0b924d2e7e29978a4def4a63bfdc6b65c677
-
SHA512
d7e3d8226675eb6515cf455ce71b40c4f05f6b59f8b8311c0d938ea5dab408eec3a905e9ffe689f79234f906288557f83ab15f903c7a448807df261e709eb8ee
-
SSDEEP
3072:zW6JOF4OrLZ3zVVN+7ApBP7cMs07VeXf+vEv4mEbWoZYXr:zW6JOtrLZ3HMApBP7cp8VeP+vWjEbT0
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1