General
-
Target
f321ed9cdf6552c9453ae5d09e1aa2ebefeef93d68e8e3c0911e090cded3addf
-
Size
3.0MB
-
Sample
240809-d76arswdnq
-
MD5
66928fcd202b4686fd1457e58b89ebc2
-
SHA1
7a0123e8719007498a803276c965f060b4d8c3e2
-
SHA256
f321ed9cdf6552c9453ae5d09e1aa2ebefeef93d68e8e3c0911e090cded3addf
-
SHA512
a44522bb9dc137f34e3e237a1776ca44cf8269430874debfcc4bb9729b62380d2e9510098c7b221f26e931959ba70a96726e150442e24abdc3340a6d324573fe
-
SSDEEP
49152:8AQNSqnrgZzB05rch4OD/xSfVWsAnkOgsCK2XXldggsF3hQSUkNqA7l1:FQNSqnMZldiq/xSIKOSK2XXfgHFb
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
f321ed9cdf6552c9453ae5d09e1aa2ebefeef93d68e8e3c0911e090cded3addf
-
Size
3.0MB
-
MD5
66928fcd202b4686fd1457e58b89ebc2
-
SHA1
7a0123e8719007498a803276c965f060b4d8c3e2
-
SHA256
f321ed9cdf6552c9453ae5d09e1aa2ebefeef93d68e8e3c0911e090cded3addf
-
SHA512
a44522bb9dc137f34e3e237a1776ca44cf8269430874debfcc4bb9729b62380d2e9510098c7b221f26e931959ba70a96726e150442e24abdc3340a6d324573fe
-
SSDEEP
49152:8AQNSqnrgZzB05rch4OD/xSfVWsAnkOgsCK2XXldggsF3hQSUkNqA7l1:FQNSqnMZldiq/xSIKOSK2XXfgHFb
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5