General
-
Target
2024-12-06_01908c8c560d63274ae3a37168f18b34_icedid
-
Size
2.7MB
-
Sample
241206-b8m5gatmhz
-
MD5
01908c8c560d63274ae3a37168f18b34
-
SHA1
0c42e0072b7bbd31f5f4645bc4bdcd6a78098094
-
SHA256
b0e63005c9b7763de32d3035aff919fd524ff6a5e6856ef3662fd6091a14e07f
-
SHA512
887dbd3829dc49eab00b44665c548469c2d623228b248f631bfff7f2c552762c92ab39dfe77873abfae68f14a3271ea9692573f890677edda0cb0264aaed8330
-
SSDEEP
24576:9wWtdmdWUqjyeiSinbalHLlKvoSpqqHlQZ31dliPOHVym6EupAriTp3+Bw+6hjPj:9A+BSoT9/ymO0DBDLP8JXD49Mo81
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
2024-12-06_01908c8c560d63274ae3a37168f18b34_icedid
-
Size
2.7MB
-
MD5
01908c8c560d63274ae3a37168f18b34
-
SHA1
0c42e0072b7bbd31f5f4645bc4bdcd6a78098094
-
SHA256
b0e63005c9b7763de32d3035aff919fd524ff6a5e6856ef3662fd6091a14e07f
-
SHA512
887dbd3829dc49eab00b44665c548469c2d623228b248f631bfff7f2c552762c92ab39dfe77873abfae68f14a3271ea9692573f890677edda0cb0264aaed8330
-
SSDEEP
24576:9wWtdmdWUqjyeiSinbalHLlKvoSpqqHlQZ31dliPOHVym6EupAriTp3+Bw+6hjPj:9A+BSoT9/ymO0DBDLP8JXD49Mo81
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5