General
-
Target
26366e61927cde0e190bd8f2c169119a51e3f1abb4578aaaa5ba3f56ed8d449b
-
Size
281KB
-
Sample
241205-sk8vpszlfz
-
MD5
2751f151191c21d0487845bedcfa8315
-
SHA1
2f9e4f398c33c0730501b78e60e125c1f4225036
-
SHA256
26366e61927cde0e190bd8f2c169119a51e3f1abb4578aaaa5ba3f56ed8d449b
-
SHA512
2a9e83de92d33bc0654f45671130201975f98d9702e12cb21a29c6799df37f1256e0ac2c86d7f149f04ff951211640151514ec1c602f404682e0b2aabc8a6f4c
-
SSDEEP
6144:5A3W+3LWtbOzYe80or02xaHM91jIYu4jzrSA4pg:5j+WtbPr08t99W4jzug
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
26366e61927cde0e190bd8f2c169119a51e3f1abb4578aaaa5ba3f56ed8d449b
-
Size
281KB
-
MD5
2751f151191c21d0487845bedcfa8315
-
SHA1
2f9e4f398c33c0730501b78e60e125c1f4225036
-
SHA256
26366e61927cde0e190bd8f2c169119a51e3f1abb4578aaaa5ba3f56ed8d449b
-
SHA512
2a9e83de92d33bc0654f45671130201975f98d9702e12cb21a29c6799df37f1256e0ac2c86d7f149f04ff951211640151514ec1c602f404682e0b2aabc8a6f4c
-
SSDEEP
6144:5A3W+3LWtbOzYe80or02xaHM91jIYu4jzrSA4pg:5j+WtbPr08t99W4jzug
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5