General
-
Target
55d0c0a77720a7a34c2f7a4c053addf81792238edafbd634639cfb599ecf1737.exe
-
Size
120KB
-
Sample
241216-29wq4ssrev
-
MD5
a743091bdec11e611732a5b570af4414
-
SHA1
6eb00dae89886c9716a486937cfe8ba72dd5244e
-
SHA256
55d0c0a77720a7a34c2f7a4c053addf81792238edafbd634639cfb599ecf1737
-
SHA512
e125b69885c676ba112dfe76d670c04c756b6bbfc6ef19a0b48f75a1ca992e36bd6050f1dc0e5f0691d78a4549066eb067e5fb366fa60f0c1f870132c9d30900
-
SSDEEP
1536:Jz8+gCE1CsJalE6LsL+Mfy27remS1Yvg4AUtMRoiG8/efJdxIFUmqfV1wfmMB7WD:F5gXoIl6LD9AwYA2yo2/wJ8SdN1uvw
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
55d0c0a77720a7a34c2f7a4c053addf81792238edafbd634639cfb599ecf1737.exe
-
Size
120KB
-
MD5
a743091bdec11e611732a5b570af4414
-
SHA1
6eb00dae89886c9716a486937cfe8ba72dd5244e
-
SHA256
55d0c0a77720a7a34c2f7a4c053addf81792238edafbd634639cfb599ecf1737
-
SHA512
e125b69885c676ba112dfe76d670c04c756b6bbfc6ef19a0b48f75a1ca992e36bd6050f1dc0e5f0691d78a4549066eb067e5fb366fa60f0c1f870132c9d30900
-
SSDEEP
1536:Jz8+gCE1CsJalE6LsL+Mfy27remS1Yvg4AUtMRoiG8/efJdxIFUmqfV1wfmMB7WD:F5gXoIl6LD9AwYA2yo2/wJ8SdN1uvw
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5