General
-
Target
43a56aa102c3177c0dfaba14b4b01dc3c823b9e012926c1a19cc9e903e947299
-
Size
432KB
-
Sample
241213-nfmpfsylfj
-
MD5
ee53bebaff4b8000f26abc91c62375ff
-
SHA1
299bc7b27630f1cfb4486409343d515bf3a6c415
-
SHA256
43a56aa102c3177c0dfaba14b4b01dc3c823b9e012926c1a19cc9e903e947299
-
SHA512
ded560b851ca872a5998e6aa597d2663c8e94a008c93e32b55a73377547bed2f2ead503d8f1eb5ce1316a53d0e72f718636238715298a44c668d271308ea12ba
-
SSDEEP
6144:WdOvoyKI0COYIN47ZGpimMK53wxD9sU+zcCE3fmzL8dav7gO/:1onXd47ZG4mx53wv+gCE0Rv0O/
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
43a56aa102c3177c0dfaba14b4b01dc3c823b9e012926c1a19cc9e903e947299
-
Size
432KB
-
MD5
ee53bebaff4b8000f26abc91c62375ff
-
SHA1
299bc7b27630f1cfb4486409343d515bf3a6c415
-
SHA256
43a56aa102c3177c0dfaba14b4b01dc3c823b9e012926c1a19cc9e903e947299
-
SHA512
ded560b851ca872a5998e6aa597d2663c8e94a008c93e32b55a73377547bed2f2ead503d8f1eb5ce1316a53d0e72f718636238715298a44c668d271308ea12ba
-
SSDEEP
6144:WdOvoyKI0COYIN47ZGpimMK53wxD9sU+zcCE3fmzL8dav7gO/:1onXd47ZG4mx53wv+gCE0Rv0O/
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5