General
-
Target
bfb23d93226861e0261e0be2bda53f342e9cc5642fa7070171a5bea166034155.exe
-
Size
1.8MB
-
Sample
241217-emj3ga1ldn
-
MD5
0c729c324cac412fcb9913c4ce8c9d61
-
SHA1
c4c40bbd58bad94b6b44ed948dafda0a10ef71fb
-
SHA256
bfb23d93226861e0261e0be2bda53f342e9cc5642fa7070171a5bea166034155
-
SHA512
55730bbf750b35437a810f2d24ff7c2ce217f50799b428f4aeb048a5ff6a8813b6635bcf92496ab2676f1e807d1f3ba116026b2889f9ab668d99c0fbde84e02d
-
SSDEEP
49152:sbTC9RxKCnFnQXBbrtgb/iQvu0UHOaYmLCS:s6zxvWbrtUTrUHO27
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
bfb23d93226861e0261e0be2bda53f342e9cc5642fa7070171a5bea166034155.exe
-
Size
1.8MB
-
MD5
0c729c324cac412fcb9913c4ce8c9d61
-
SHA1
c4c40bbd58bad94b6b44ed948dafda0a10ef71fb
-
SHA256
bfb23d93226861e0261e0be2bda53f342e9cc5642fa7070171a5bea166034155
-
SHA512
55730bbf750b35437a810f2d24ff7c2ce217f50799b428f4aeb048a5ff6a8813b6635bcf92496ab2676f1e807d1f3ba116026b2889f9ab668d99c0fbde84e02d
-
SSDEEP
49152:sbTC9RxKCnFnQXBbrtgb/iQvu0UHOaYmLCS:s6zxvWbrtUTrUHO27
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Loads dropped DLL
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5