General
-
Target
20241002c8f8bb82322a818bb0904d24f7bbff55bkransomware
-
Size
156KB
-
Sample
241002-j2ylmawbkq
-
MD5
c8f8bb82322a818bb0904d24f7bbff55
-
SHA1
f0414782295eadd75308a4a20216d79e2fecbdab
-
SHA256
2d504d9acdddfaa6e6f879203bdc8de886fff21997987407961753e26c5c75cc
-
SHA512
f1a2cd95217bfe45bf4b86858d2fc77056b9a2c780690598bd757eb7166bd0fe841740aff29c99ac65191ce874981455499ff1defc3e7f7957d82c237b1b6046
-
SSDEEP
3072:XdOZkqliyV9314GSJXAfEmd2iobWQtTl/2Q54I:XoZxurJXAfAiobWQtTluQiI
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
20241002c8f8bb82322a818bb0904d24f7bbff55bkransomware
-
Size
156KB
-
MD5
c8f8bb82322a818bb0904d24f7bbff55
-
SHA1
f0414782295eadd75308a4a20216d79e2fecbdab
-
SHA256
2d504d9acdddfaa6e6f879203bdc8de886fff21997987407961753e26c5c75cc
-
SHA512
f1a2cd95217bfe45bf4b86858d2fc77056b9a2c780690598bd757eb7166bd0fe841740aff29c99ac65191ce874981455499ff1defc3e7f7957d82c237b1b6046
-
SSDEEP
3072:XdOZkqliyV9314GSJXAfEmd2iobWQtTl/2Q54I:XoZxurJXAfAiobWQtTluQiI
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5