General
-
Target
9459178f037ed3daa326346a3a05cf541c6e06fc9bdd28c203ae0867f9449c3d
-
Size
2.4MB
-
Sample
241215-g4mk2axrdq
-
MD5
33fe72ab26f5e18b761f45896787f05f
-
SHA1
775cd3f477a32dfbad0a9cc11e5504051216bdca
-
SHA256
9459178f037ed3daa326346a3a05cf541c6e06fc9bdd28c203ae0867f9449c3d
-
SHA512
746638c73e0dece20c5febd1f74134319d78a159ed19df7725066bfc87867036686208c3e41651132b43d50067ababad8d6e9c35f2a7af02994c6a438a8f99e0
-
SSDEEP
49152:NcxQUmHZuZ793bhF6hXZXTexDB6P7QvLmkZf6ddFp5FQYany:NwQUmHZ6793CXDeXEQzmR1
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
9459178f037ed3daa326346a3a05cf541c6e06fc9bdd28c203ae0867f9449c3d
-
Size
2.4MB
-
MD5
33fe72ab26f5e18b761f45896787f05f
-
SHA1
775cd3f477a32dfbad0a9cc11e5504051216bdca
-
SHA256
9459178f037ed3daa326346a3a05cf541c6e06fc9bdd28c203ae0867f9449c3d
-
SHA512
746638c73e0dece20c5febd1f74134319d78a159ed19df7725066bfc87867036686208c3e41651132b43d50067ababad8d6e9c35f2a7af02994c6a438a8f99e0
-
SSDEEP
49152:NcxQUmHZuZ793bhF6hXZXTexDB6P7QvLmkZf6ddFp5FQYany:NwQUmHZ6793CXDeXEQzmR1
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5