General
-
Target
9c9dad70db189bb76d40c9f22cd120a03d0b2ee5a4c94fb43b93ed9dec94cf47N.exe
-
Size
65KB
-
Sample
241216-ba1b5svrgy
-
MD5
3088382ded1c3911d78c3e35f529aed0
-
SHA1
3da36e9d217d35385c351cc836303c939f6a60f0
-
SHA256
9c9dad70db189bb76d40c9f22cd120a03d0b2ee5a4c94fb43b93ed9dec94cf47
-
SHA512
daad526f5acc02df7af366bc2e559efa9c2903fd712eb0802be4758d425171c04a1adce816fbfd57735924502edd6be2d4ba37f6415744219901de440d6e04c8
-
SSDEEP
1536:+4UG9QpKB1wIZkuRsQp8X9il3QIyoiuJGznymuu:D5kIZkuW4vl3QIyoiuJGX
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
9c9dad70db189bb76d40c9f22cd120a03d0b2ee5a4c94fb43b93ed9dec94cf47N.exe
-
Size
65KB
-
MD5
3088382ded1c3911d78c3e35f529aed0
-
SHA1
3da36e9d217d35385c351cc836303c939f6a60f0
-
SHA256
9c9dad70db189bb76d40c9f22cd120a03d0b2ee5a4c94fb43b93ed9dec94cf47
-
SHA512
daad526f5acc02df7af366bc2e559efa9c2903fd712eb0802be4758d425171c04a1adce816fbfd57735924502edd6be2d4ba37f6415744219901de440d6e04c8
-
SSDEEP
1536:+4UG9QpKB1wIZkuRsQp8X9il3QIyoiuJGznymuu:D5kIZkuW4vl3QIyoiuJGX
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5