General
-
Target
e90148fcc788116c1ad35c8da6c31ea7e83b4ca8824f3438531b1704e83b2942N
-
Size
120KB
-
Sample
240918-zrmpdashkh
-
MD5
fdcbb4d32c3e024e1a78f9fad15f7c40
-
SHA1
85ddb071faa7c7b478d4308b6c0a5b3379b40ec1
-
SHA256
e90148fcc788116c1ad35c8da6c31ea7e83b4ca8824f3438531b1704e83b2942
-
SHA512
aff6ff75b27c6b11c98c3e329c3545c3a988feca18a822029dda7813447cd02f2f18ade857760a68ca3d45d8ed93ad4819c778fe792eabac96e724d39fbf34c1
-
SSDEEP
3072:mmENOi2evOT3SkEMC3V4bfawNLPQnPvET+2pY4n99hf:mmENOizWfE3s7ZIPsTNf
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
e90148fcc788116c1ad35c8da6c31ea7e83b4ca8824f3438531b1704e83b2942N
-
Size
120KB
-
MD5
fdcbb4d32c3e024e1a78f9fad15f7c40
-
SHA1
85ddb071faa7c7b478d4308b6c0a5b3379b40ec1
-
SHA256
e90148fcc788116c1ad35c8da6c31ea7e83b4ca8824f3438531b1704e83b2942
-
SHA512
aff6ff75b27c6b11c98c3e329c3545c3a988feca18a822029dda7813447cd02f2f18ade857760a68ca3d45d8ed93ad4819c778fe792eabac96e724d39fbf34c1
-
SSDEEP
3072:mmENOi2evOT3SkEMC3V4bfawNLPQnPvET+2pY4n99hf:mmENOizWfE3s7ZIPsTNf
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5