General
-
Target
16df53c28b78a20c87485f9796cb63fb8e849704afebdcb128574f311a039f2b.exe
-
Size
120KB
-
Sample
241217-er6f9s1mgk
-
MD5
b6c3a66d700c351a957b2f886a46b5fb
-
SHA1
17ed6ea125b0f77308c64881c9652055e449adcb
-
SHA256
16df53c28b78a20c87485f9796cb63fb8e849704afebdcb128574f311a039f2b
-
SHA512
5c03eaa789770065c2c36c2fae5d824f5a6de18997eb61e01541228570e482d6bf4625e1df8eff78f0683fe8551e9b93235f5011f0ef9e8adca25f320584b925
-
SSDEEP
1536:LUDFIbOBGqjS+WfDLXZtssJswtaJvsOoHPq9Fv33nyIeLy82JFILNqO:L2kOsmS+cptyJvsDHSnnyIaB2JFILJ
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
16df53c28b78a20c87485f9796cb63fb8e849704afebdcb128574f311a039f2b.exe
-
Size
120KB
-
MD5
b6c3a66d700c351a957b2f886a46b5fb
-
SHA1
17ed6ea125b0f77308c64881c9652055e449adcb
-
SHA256
16df53c28b78a20c87485f9796cb63fb8e849704afebdcb128574f311a039f2b
-
SHA512
5c03eaa789770065c2c36c2fae5d824f5a6de18997eb61e01541228570e482d6bf4625e1df8eff78f0683fe8551e9b93235f5011f0ef9e8adca25f320584b925
-
SSDEEP
1536:LUDFIbOBGqjS+WfDLXZtssJswtaJvsOoHPq9Fv33nyIeLy82JFILNqO:L2kOsmS+cptyJvsDHSnnyIaB2JFILJ
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5