General
Target: 07b04676e7f34be2059f1d80c97fb5fdabbde3dfab8e12c845157fa607dfb9aa
Size: 2.0MB
Sample: 241205-sjdm6swjhr
MD5: 423aab512e16bcd279834a5989a8c359
SHA1: 5498f8b701fea65748e7d9492285e9e276a6763d
SHA256: 07b04676e7f34be2059f1d80c97fb5fdabbde3dfab8e12c845157fa607dfb9aa
SHA512: 7d64894e327f3d63f5f2669bd0605878350048d3d8f8b389e5737083fefe4329741400b8aaa8f58094ccf3300aa04a0374daa4a541ad244625159d126348cb9f
SSDEEP: 49152:ruriJ899OM/gSY8wHTsb+92hnHO6xfV6vq7NrpOPfgLs1OADgMedmM:ruriE9jgSY3Two2hHXxL7NrpjfX
Static task: static1
Behavioral task: behavioral1
Sample: 07b04676e7f34be2059f1d80c97fb5fdabbde3dfab8e12c845157fa607dfb9aa.exe
Resource: win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 07b04676e7f34be2059f1d80c97fb5fdabbde3dfab8e12c845157fa607dfb9aa
Size: 2.0MB
MD5: 423aab512e16bcd279834a5989a8c359
SHA1: 5498f8b701fea65748e7d9492285e9e276a6763d
SHA256: 07b04676e7f34be2059f1d80c97fb5fdabbde3dfab8e12c845157fa607dfb9aa
SHA512: 7d64894e327f3d63f5f2669bd0605878350048d3d8f8b389e5737083fefe4329741400b8aaa8f58094ccf3300aa04a0374daa4a541ad244625159d126348cb9f
SSDEEP: 49152:ruriJ899OM/gSY8wHTsb+92hnHO6xfV6vq7NrpOPfgLs1OADgMedmM:ruriE9jgSY3Two2hHXxL7NrpjfX
- Modifies firewall policy service
- Sality family
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)