General
-
Target
aa0818c011bc4f29cd5c353ae4933d258de8fd30debf52e2fe7084d0e88001b8
-
Size
3.2MB
-
Sample
240930-h4d5bsscll
-
MD5
4c246e64999183be2dcdc6cce821209b
-
SHA1
1622a5183df1d4f465a2f1dbd2aa3032a24681cb
-
SHA256
aa0818c011bc4f29cd5c353ae4933d258de8fd30debf52e2fe7084d0e88001b8
-
SHA512
76f0891921d29d25ed9f0ea883ba7962252010fc4504177b148750dfe752782361d45ebc8668dc013999cc29e59050dbcc969f9402e237b961a8c04a8078135a
-
SSDEEP
49152:DSGh1VkN+OZgPQigLOy24Pp3io0taTisL9G4C+Pu3dLtPBmZe6CTBDAZ/ozNGWr:DSGvmN04igLO34B3iYTfG2u3RvmZCGWr
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
aa0818c011bc4f29cd5c353ae4933d258de8fd30debf52e2fe7084d0e88001b8
-
Size
3.2MB
-
MD5
4c246e64999183be2dcdc6cce821209b
-
SHA1
1622a5183df1d4f465a2f1dbd2aa3032a24681cb
-
SHA256
aa0818c011bc4f29cd5c353ae4933d258de8fd30debf52e2fe7084d0e88001b8
-
SHA512
76f0891921d29d25ed9f0ea883ba7962252010fc4504177b148750dfe752782361d45ebc8668dc013999cc29e59050dbcc969f9402e237b961a8c04a8078135a
-
SSDEEP
49152:DSGh1VkN+OZgPQigLOy24Pp3io0taTisL9G4C+Pu3dLtPBmZe6CTBDAZ/ozNGWr:DSGvmN04igLO34B3iYTfG2u3RvmZCGWr
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5