General
-
Target
d28fc4feb3df3572cf09a6fb0977d1d2e0d972dabcb409b3367fd27e5a23cf2b
-
Size
968KB
-
Sample
241206-y2dzjs1pbq
-
MD5
bb3649f7bca8cbd31fd067b37183b826
-
SHA1
87f4dcb7da573e08330e227346d497fc169cd869
-
SHA256
d28fc4feb3df3572cf09a6fb0977d1d2e0d972dabcb409b3367fd27e5a23cf2b
-
SHA512
6b255b35f7422a269a0dc595cb45859caa7508521de50e0f52810c92de828d52dbd12275c69c4ed1761abf3d009bfd34a2fa67e8ed18da0a1b3fe7e52ffc55de
-
SSDEEP
24576:ieZVDBdxLiUF2vfxxb6ZpwM0I+NQNYIuy:fVDTsU2XxMZpwe+NXg
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
d28fc4feb3df3572cf09a6fb0977d1d2e0d972dabcb409b3367fd27e5a23cf2b
-
Size
968KB
-
MD5
bb3649f7bca8cbd31fd067b37183b826
-
SHA1
87f4dcb7da573e08330e227346d497fc169cd869
-
SHA256
d28fc4feb3df3572cf09a6fb0977d1d2e0d972dabcb409b3367fd27e5a23cf2b
-
SHA512
6b255b35f7422a269a0dc595cb45859caa7508521de50e0f52810c92de828d52dbd12275c69c4ed1761abf3d009bfd34a2fa67e8ed18da0a1b3fe7e52ffc55de
-
SSDEEP
24576:ieZVDBdxLiUF2vfxxb6ZpwM0I+NQNYIuy:fVDTsU2XxMZpwe+NXg
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5