General
-
Target
54b6a35e9e748ea892c57e8fb2228f1748af86008bf5b6c17347f741ce2856c4
-
Size
444KB
-
Sample
241205-17dbbavkdt
-
MD5
6ca70c3f3188f5517a977daa6d577456
-
SHA1
37b3f7fa9a4805e3ef30fe3bafd49d3c1d15d71e
-
SHA256
54b6a35e9e748ea892c57e8fb2228f1748af86008bf5b6c17347f741ce2856c4
-
SHA512
6bdfe38707a1f985c8030f1f550cfac897e4282c6507df5b17b959e71766ffe7b976be7551bdfcdc4b3e63ddb0b1b1f75b3bc39826836a353995e6ad8be5d789
-
SSDEEP
6144:WWWcGK4EDyGaLquWCVAJvRmiaPd+avl+LwedNojzN1U0Jihs70fkDIp:WWvy2gq71FDwegf/eSGIIp
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
54b6a35e9e748ea892c57e8fb2228f1748af86008bf5b6c17347f741ce2856c4
-
Size
444KB
-
MD5
6ca70c3f3188f5517a977daa6d577456
-
SHA1
37b3f7fa9a4805e3ef30fe3bafd49d3c1d15d71e
-
SHA256
54b6a35e9e748ea892c57e8fb2228f1748af86008bf5b6c17347f741ce2856c4
-
SHA512
6bdfe38707a1f985c8030f1f550cfac897e4282c6507df5b17b959e71766ffe7b976be7551bdfcdc4b3e63ddb0b1b1f75b3bc39826836a353995e6ad8be5d789
-
SSDEEP
6144:WWWcGK4EDyGaLquWCVAJvRmiaPd+avl+LwedNojzN1U0Jihs70fkDIp:WWvy2gq71FDwegf/eSGIIp
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5