General
-
Target
d4a1d3dd8c9091068f9227aaa435da74a871af1da4164dc5f91d934fc3b32bd7
-
Size
1.8MB
-
Sample
241213-nj99xsymel
-
MD5
b186b8142860215e1620ed51e82ab351
-
SHA1
133a0e6dde13d71f1a4119e2b61671798fd4ae6f
-
SHA256
d4a1d3dd8c9091068f9227aaa435da74a871af1da4164dc5f91d934fc3b32bd7
-
SHA512
df7699c70077cbfc4c1670bdd03537165aa97df078e772b85b19de5769e3f38f387c4b4a80102c1de9bc836987c18f8fbbd5c4fa18d07aa442892dcd436288e3
-
SSDEEP
49152:z+UrfhixCmnGLgj1yzHwnzvt/wwwwsG378E1HuiTGUWU0rRb3az:z+Urfhtmnn3wE1+z8
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
d4a1d3dd8c9091068f9227aaa435da74a871af1da4164dc5f91d934fc3b32bd7
-
Size
1.8MB
-
MD5
b186b8142860215e1620ed51e82ab351
-
SHA1
133a0e6dde13d71f1a4119e2b61671798fd4ae6f
-
SHA256
d4a1d3dd8c9091068f9227aaa435da74a871af1da4164dc5f91d934fc3b32bd7
-
SHA512
df7699c70077cbfc4c1670bdd03537165aa97df078e772b85b19de5769e3f38f387c4b4a80102c1de9bc836987c18f8fbbd5c4fa18d07aa442892dcd436288e3
-
SSDEEP
49152:z+UrfhixCmnGLgj1yzHwnzvt/wwwwsG378E1HuiTGUWU0rRb3az:z+Urfhtmnn3wE1+z8
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5