General
-
Target
8e8b199203c9c7c9e649fbc2332d117cbc93c48c2731d731f2b81841c7861517N.exe
-
Size
120KB
-
Sample
241216-n8gnxa1jgl
-
MD5
5126662a2aad02c1bdbab148c5c167b0
-
SHA1
bfa728f3c23576976f39d893d9f048c527ad1ac4
-
SHA256
8e8b199203c9c7c9e649fbc2332d117cbc93c48c2731d731f2b81841c7861517
-
SHA512
21901436ddf77b1518550526e5e54db0ebb28334340449ddf96d05cb18ae5aae7a23c28a5adb461f860248db9bc080d6d613c98f6b841667fb3850e9a8ef8622
-
SSDEEP
3072:rZGVctUQQidOnJzpWcdilfyqAGouM/dIGfJg:UV5idQYZXAly
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
8e8b199203c9c7c9e649fbc2332d117cbc93c48c2731d731f2b81841c7861517N.exe
-
Size
120KB
-
MD5
5126662a2aad02c1bdbab148c5c167b0
-
SHA1
bfa728f3c23576976f39d893d9f048c527ad1ac4
-
SHA256
8e8b199203c9c7c9e649fbc2332d117cbc93c48c2731d731f2b81841c7861517
-
SHA512
21901436ddf77b1518550526e5e54db0ebb28334340449ddf96d05cb18ae5aae7a23c28a5adb461f860248db9bc080d6d613c98f6b841667fb3850e9a8ef8622
-
SSDEEP
3072:rZGVctUQQidOnJzpWcdilfyqAGouM/dIGfJg:UV5idQYZXAly
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5