General
-
Target
0293d1b458466cfe2feaf63e3539cb384fe739ff05de26a23bbd50104e30877a
-
Size
120KB
-
Sample
241211-xs172szjhn
-
MD5
a15f43c40f63475120c09dffacb5ed83
-
SHA1
2008298f678ada46534bba38fd5616c132faa091
-
SHA256
0293d1b458466cfe2feaf63e3539cb384fe739ff05de26a23bbd50104e30877a
-
SHA512
5b40e70563347fc3e0301a0f6145c2d2ece31a6b4b69b528d44a7e7eeaef04ca71e6f72bf5004a1f372878c1d1a7c69059dfef02083e9a113904e1ae36135493
-
SSDEEP
1536:ySWlmUdV8eQhl4ChjQPfZrvVUkyLdvb+ZREn2hXdjp0B8iaxLKY7XQZYjkFw/hgn:ySWlmUdOQPffz6d+U2/iCjQZYYmZg
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
0293d1b458466cfe2feaf63e3539cb384fe739ff05de26a23bbd50104e30877a
-
Size
120KB
-
MD5
a15f43c40f63475120c09dffacb5ed83
-
SHA1
2008298f678ada46534bba38fd5616c132faa091
-
SHA256
0293d1b458466cfe2feaf63e3539cb384fe739ff05de26a23bbd50104e30877a
-
SHA512
5b40e70563347fc3e0301a0f6145c2d2ece31a6b4b69b528d44a7e7eeaef04ca71e6f72bf5004a1f372878c1d1a7c69059dfef02083e9a113904e1ae36135493
-
SSDEEP
1536:ySWlmUdV8eQhl4ChjQPfZrvVUkyLdvb+ZREn2hXdjp0B8iaxLKY7XQZYjkFw/hgn:ySWlmUdOQPffz6d+U2/iCjQZYYmZg
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5