General
-
Target
b176e43638b8683c22ae0aa20fd047a631d7aa0221741f451ac9dcdf06b70104
-
Size
3.0MB
-
Sample
240908-lle6fsycnq
-
MD5
498c782ecea1bc93a96970060cda99eb
-
SHA1
419b4877c70af47a2dd7df23c93740a790c2c974
-
SHA256
b176e43638b8683c22ae0aa20fd047a631d7aa0221741f451ac9dcdf06b70104
-
SHA512
e90d33a43a37ba53ed03a4af5cf8cf60e25820a8c146d9ad4903cf2372a57a36237776319baf6a201ed52342ece2cf19a95c441ae536713b354ec2ca54182c28
-
SSDEEP
49152:KRefbRq+svmn5ZEzj3hbG9WDwAFSRrQRAqlqbqzNqAPdjsto:iefb4+qmn4z1bG9ESJQqMjsto
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
b176e43638b8683c22ae0aa20fd047a631d7aa0221741f451ac9dcdf06b70104
-
Size
3.0MB
-
MD5
498c782ecea1bc93a96970060cda99eb
-
SHA1
419b4877c70af47a2dd7df23c93740a790c2c974
-
SHA256
b176e43638b8683c22ae0aa20fd047a631d7aa0221741f451ac9dcdf06b70104
-
SHA512
e90d33a43a37ba53ed03a4af5cf8cf60e25820a8c146d9ad4903cf2372a57a36237776319baf6a201ed52342ece2cf19a95c441ae536713b354ec2ca54182c28
-
SSDEEP
49152:KRefbRq+svmn5ZEzj3hbG9WDwAFSRrQRAqlqbqzNqAPdjsto:iefb4+qmn4z1bG9ESJQqMjsto
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5