General
-
Target
fddfddb7dd2a7b0cd296e7d3b76224482be2bd07ca37442e03a64221e7d9727c
-
Size
2.9MB
-
Sample
241213-h4fyxssjc1
-
MD5
436ba0f1775668f6c89b2ff3d9334151
-
SHA1
61ac3d8d3edf6542294afff2f35916ef1c80a02e
-
SHA256
fddfddb7dd2a7b0cd296e7d3b76224482be2bd07ca37442e03a64221e7d9727c
-
SHA512
390a029681dea944eded3b39fcd51acfb09a5673e287b007e286907a6c9424439e7df2ae52752eaa3fceeb5ec5711cc5380449ebb5283a6d3e0f9539895ed87c
-
SSDEEP
49152:D8DVL71yklvCR2PaWp7/1gljn3XmPuX7NrJTl2kIhug3G3zAXAT:D8DL/Ptp79glr3XRX7NrT2La
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
fddfddb7dd2a7b0cd296e7d3b76224482be2bd07ca37442e03a64221e7d9727c
-
Size
2.9MB
-
MD5
436ba0f1775668f6c89b2ff3d9334151
-
SHA1
61ac3d8d3edf6542294afff2f35916ef1c80a02e
-
SHA256
fddfddb7dd2a7b0cd296e7d3b76224482be2bd07ca37442e03a64221e7d9727c
-
SHA512
390a029681dea944eded3b39fcd51acfb09a5673e287b007e286907a6c9424439e7df2ae52752eaa3fceeb5ec5711cc5380449ebb5283a6d3e0f9539895ed87c
-
SSDEEP
49152:D8DVL71yklvCR2PaWp7/1gljn3XmPuX7NrJTl2kIhug3G3zAXAT:D8DL/Ptp79glr3XRX7NrT2La
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5