General
-
Target
46117a497962025224169eb2d5e0a0092570d90dd5654e27fb111f71bd24503eN.exe
-
Size
120KB
-
Sample
241206-vy2dwsymaz
-
MD5
fa8286fb52d1644dcbdd6531f13dc940
-
SHA1
fa215dddfc8586de54ef416a6d1b05e29fd5a442
-
SHA256
46117a497962025224169eb2d5e0a0092570d90dd5654e27fb111f71bd24503e
-
SHA512
5f58065b4dd87706336083afcad31a736a5e530465c661d1dc4ef11d968f67cfe820718753dc1b3617c3c8e90e5defbf9b10b2f2cf9d7720fe32ce7698c4be37
-
SSDEEP
1536:LQnAs4x55374/HBDJtIeZBbOkGLy49xbGYNWF+yqEbPogdQBF4proEx:uOeDtIufGLy4SYNWhovWproA
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
46117a497962025224169eb2d5e0a0092570d90dd5654e27fb111f71bd24503eN.exe
-
Size
120KB
-
MD5
fa8286fb52d1644dcbdd6531f13dc940
-
SHA1
fa215dddfc8586de54ef416a6d1b05e29fd5a442
-
SHA256
46117a497962025224169eb2d5e0a0092570d90dd5654e27fb111f71bd24503e
-
SHA512
5f58065b4dd87706336083afcad31a736a5e530465c661d1dc4ef11d968f67cfe820718753dc1b3617c3c8e90e5defbf9b10b2f2cf9d7720fe32ce7698c4be37
-
SSDEEP
1536:LQnAs4x55374/HBDJtIeZBbOkGLy49xbGYNWF+yqEbPogdQBF4proEx:uOeDtIufGLy4SYNWhovWproA
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5