General
-
Target
3fd303a3c243a953380d5ca7fe0b2f0c60e3c37298b8e7d90980b5a08e65afd8.exe
-
Size
121KB
-
Sample
241206-zrlr3sxkev
-
MD5
013be74eb7e2e9c3366b04e8b4c21d0a
-
SHA1
d8e22769a859d55510f4067aa00d5c2a432088e7
-
SHA256
3fd303a3c243a953380d5ca7fe0b2f0c60e3c37298b8e7d90980b5a08e65afd8
-
SHA512
2c984b80604d15aa17e5e89189a08a7fa101c54f21af9e0ced90db79d29b0c52c21cf08a1ff674a1b9f3d472d9a133f9d01fd10492bc0943434f2bb570609795
-
SSDEEP
3072:DxGX7p33ODAAvGa39o3kYQe/bqaoHVrhp/eT4iT9oBv:I9+Aa3yhTCnp/lipU
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
3fd303a3c243a953380d5ca7fe0b2f0c60e3c37298b8e7d90980b5a08e65afd8.exe
-
Size
121KB
-
MD5
013be74eb7e2e9c3366b04e8b4c21d0a
-
SHA1
d8e22769a859d55510f4067aa00d5c2a432088e7
-
SHA256
3fd303a3c243a953380d5ca7fe0b2f0c60e3c37298b8e7d90980b5a08e65afd8
-
SHA512
2c984b80604d15aa17e5e89189a08a7fa101c54f21af9e0ced90db79d29b0c52c21cf08a1ff674a1b9f3d472d9a133f9d01fd10492bc0943434f2bb570609795
-
SSDEEP
3072:DxGX7p33ODAAvGa39o3kYQe/bqaoHVrhp/eT4iT9oBv:I9+Aa3yhTCnp/lipU
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5