General
-
Target
39f00325d1ff42e1914f8d82940e312c21591b4e5ec7c9b204d900cb129cbec0N.exe
-
Size
340KB
-
Sample
241216-q2a9na1rdv
-
MD5
6d67487d1296e476db084d70b636f9d0
-
SHA1
bc03a3afd580b1db515b84891d74ce183bd70c77
-
SHA256
39f00325d1ff42e1914f8d82940e312c21591b4e5ec7c9b204d900cb129cbec0
-
SHA512
35473b539a8a1609a379c92f98f135dd5903a8437e14adb468b49f9ecdac9d77dbd9f41dea58ec7508c0537cded3bbc47e998415e741e21db8fdffe55dad7030
-
SSDEEP
6144:0ZeL8kowN9CsNTBfE1Mx3gJ4Wyb6QZVuq7yYPbmL:0Y8koaCsNT5EWxM7iZVRyYjmL
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
39f00325d1ff42e1914f8d82940e312c21591b4e5ec7c9b204d900cb129cbec0N.exe
-
Size
340KB
-
MD5
6d67487d1296e476db084d70b636f9d0
-
SHA1
bc03a3afd580b1db515b84891d74ce183bd70c77
-
SHA256
39f00325d1ff42e1914f8d82940e312c21591b4e5ec7c9b204d900cb129cbec0
-
SHA512
35473b539a8a1609a379c92f98f135dd5903a8437e14adb468b49f9ecdac9d77dbd9f41dea58ec7508c0537cded3bbc47e998415e741e21db8fdffe55dad7030
-
SSDEEP
6144:0ZeL8kowN9CsNTBfE1Mx3gJ4Wyb6QZVuq7yYPbmL:0Y8koaCsNT5EWxM7iZVRyYjmL
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5