General
-
Target
6a2980da5618ff8d240041065e322ecbd96cb8cc7654fb96566f0512758a4721.exe
-
Size
120KB
-
Sample
241210-mt5xhsylhl
-
MD5
52d85606b8ea06b4baebc38c33576915
-
SHA1
4bab6134a37e54d80c9672481708fb0820bc339c
-
SHA256
6a2980da5618ff8d240041065e322ecbd96cb8cc7654fb96566f0512758a4721
-
SHA512
64d6a6a6a9db909c510c6e8734fa899ab0903d62dd1d7ebdb9218dcacc9c58315a1ef2d7ba0dd494b9a0aebabf2bd70fa8e84be9f17188715a66c412953df0bd
-
SSDEEP
3072:B53XHzYwtgP+BXITX17SjgtmA+ebJAaxG7Dbu5q:nYiNG1qqtBwXeq
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
6a2980da5618ff8d240041065e322ecbd96cb8cc7654fb96566f0512758a4721.exe
-
Size
120KB
-
MD5
52d85606b8ea06b4baebc38c33576915
-
SHA1
4bab6134a37e54d80c9672481708fb0820bc339c
-
SHA256
6a2980da5618ff8d240041065e322ecbd96cb8cc7654fb96566f0512758a4721
-
SHA512
64d6a6a6a9db909c510c6e8734fa899ab0903d62dd1d7ebdb9218dcacc9c58315a1ef2d7ba0dd494b9a0aebabf2bd70fa8e84be9f17188715a66c412953df0bd
-
SSDEEP
3072:B53XHzYwtgP+BXITX17SjgtmA+ebJAaxG7Dbu5q:nYiNG1qqtBwXeq
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5