General
-
Target
28cdd105b6c4dae1ba39c6979b90fcf433abba675f1147e6e2ca2b79cdbd0439
-
Size
273KB
-
Sample
241212-m95lpatqhp
-
MD5
0ccdfe61eedcb8a615f1953f9210e383
-
SHA1
45ca4b62ce3722d7c82139c5edc75d36d5ef188c
-
SHA256
28cdd105b6c4dae1ba39c6979b90fcf433abba675f1147e6e2ca2b79cdbd0439
-
SHA512
1b616314c41bb7294be6a3cf0efd8e37aa3fda03eafc2845ff1f0c63537ef05666a65e2baa06e37e2446c47a73c27217fe6618554d7b9b835e6ba19c26980cbd
-
SSDEEP
6144:S7gKNkhSR/5kHouyXnZhB+R8WHhAMZbt4v:S7gKNkhm/JuyXnPB+R8WHL8
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
28cdd105b6c4dae1ba39c6979b90fcf433abba675f1147e6e2ca2b79cdbd0439
-
Size
273KB
-
MD5
0ccdfe61eedcb8a615f1953f9210e383
-
SHA1
45ca4b62ce3722d7c82139c5edc75d36d5ef188c
-
SHA256
28cdd105b6c4dae1ba39c6979b90fcf433abba675f1147e6e2ca2b79cdbd0439
-
SHA512
1b616314c41bb7294be6a3cf0efd8e37aa3fda03eafc2845ff1f0c63537ef05666a65e2baa06e37e2446c47a73c27217fe6618554d7b9b835e6ba19c26980cbd
-
SSDEEP
6144:S7gKNkhSR/5kHouyXnZhB+R8WHhAMZbt4v:S7gKNkhm/JuyXnPB+R8WHL8
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5