General
-
Target
9faea0df5d8d38a76fce4ccaa59db18e3a723cab0ebfee2b3b17b68f992de9b9.exe
-
Size
1.0MB
-
Sample
241217-n5ep5symbs
-
MD5
39feef99431b7fd09676e9b4e4034d45
-
SHA1
f7c323e7b34e12b34c0d025ca14858312fdeb822
-
SHA256
9faea0df5d8d38a76fce4ccaa59db18e3a723cab0ebfee2b3b17b68f992de9b9
-
SHA512
ace14badd842affa850c2251cfd82fce35974d8787c8a9210e6a7344a399e7bc220d842d7d686f38d99c7ffb7647ecba177b3b726c239d7fea09856992ef825f
-
SSDEEP
24576:vzXbv1ozXKLRVC8e2mnGVMn8FliPNUtYnFohcJY8+dAIZKL+K5bq:vYGYncENUtYnFoeG8+dAgKL+KE
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
9faea0df5d8d38a76fce4ccaa59db18e3a723cab0ebfee2b3b17b68f992de9b9.exe
-
Size
1.0MB
-
MD5
39feef99431b7fd09676e9b4e4034d45
-
SHA1
f7c323e7b34e12b34c0d025ca14858312fdeb822
-
SHA256
9faea0df5d8d38a76fce4ccaa59db18e3a723cab0ebfee2b3b17b68f992de9b9
-
SHA512
ace14badd842affa850c2251cfd82fce35974d8787c8a9210e6a7344a399e7bc220d842d7d686f38d99c7ffb7647ecba177b3b726c239d7fea09856992ef825f
-
SSDEEP
24576:vzXbv1ozXKLRVC8e2mnGVMn8FliPNUtYnFohcJY8+dAIZKL+K5bq:vYGYncENUtYnFoeG8+dAgKL+KE
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5