General
-
Target
0717905c49ad0b9001d610127d317f1b83e68152257afd0c8e7dccb98d5fcf9f
-
Size
3.0MB
-
Sample
240918-zblr5ssblg
-
MD5
677f058066e268488e982a6eba3c1b3b
-
SHA1
d8df1529ab8900eb479c8a60f4f853f3e62a38b6
-
SHA256
0717905c49ad0b9001d610127d317f1b83e68152257afd0c8e7dccb98d5fcf9f
-
SHA512
2f9e9657362f85df00c5ce7a08a04105ebbe149524e116d4b62a13a02f502f2af287f17350e3c62f73b9f6da6f1e73679f13d4c8b5787b5f60303063a4b41d1e
-
SSDEEP
49152:wRefbRq+svmn5ZEzj3hbG9WDwAFSVrQRAqlqbqzNqAPdjYT0Nx:4efb4+qmn4z1bG9ESdQqMj4Ux
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
0717905c49ad0b9001d610127d317f1b83e68152257afd0c8e7dccb98d5fcf9f
-
Size
3.0MB
-
MD5
677f058066e268488e982a6eba3c1b3b
-
SHA1
d8df1529ab8900eb479c8a60f4f853f3e62a38b6
-
SHA256
0717905c49ad0b9001d610127d317f1b83e68152257afd0c8e7dccb98d5fcf9f
-
SHA512
2f9e9657362f85df00c5ce7a08a04105ebbe149524e116d4b62a13a02f502f2af287f17350e3c62f73b9f6da6f1e73679f13d4c8b5787b5f60303063a4b41d1e
-
SSDEEP
49152:wRefbRq+svmn5ZEzj3hbG9WDwAFSVrQRAqlqbqzNqAPdjYT0Nx:4efb4+qmn4z1bG9ESdQqMj4Ux
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5