General
-
Target
7c92e2488f5756dc3bbb3082fee844a0N.exe
-
Size
65KB
-
Sample
240723-hjmwqstbnl
-
MD5
7c92e2488f5756dc3bbb3082fee844a0
-
SHA1
e7aa528ca3032794a87aa46482c420c17ebf59f1
-
SHA256
552f5f31e5c2cbe04dc0429bc522bd2afdf82449dba029690174d7996ed216fe
-
SHA512
9b77fe9a213dc99cc379eeb792be737249f88563c8ae44d2675792699fa8a59cb305fb7c47ff05507e3104dcff4fb35e5f7dc7e20bb1f952cfa3bee0c2a62ce5
-
SSDEEP
1536:fPEQ0FsSHehIuwk/EHj7dlOrgdhjDcEkgwb01aUjuKxaf:fp0FsGKmNPOjb0AUC
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
7c92e2488f5756dc3bbb3082fee844a0N.exe
-
Size
65KB
-
MD5
7c92e2488f5756dc3bbb3082fee844a0
-
SHA1
e7aa528ca3032794a87aa46482c420c17ebf59f1
-
SHA256
552f5f31e5c2cbe04dc0429bc522bd2afdf82449dba029690174d7996ed216fe
-
SHA512
9b77fe9a213dc99cc379eeb792be737249f88563c8ae44d2675792699fa8a59cb305fb7c47ff05507e3104dcff4fb35e5f7dc7e20bb1f952cfa3bee0c2a62ce5
-
SSDEEP
1536:fPEQ0FsSHehIuwk/EHj7dlOrgdhjDcEkgwb01aUjuKxaf:fp0FsGKmNPOjb0AUC
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5