General
-
Target
668a77e56ffe7f4fbecbf20b6294ec109179aaa0bc17a946a4d981e07aa07b05N.exe
-
Size
65KB
-
Sample
241220-be78jsvnes
-
MD5
7261b53c688fd5017fe7bb848b4c1d80
-
SHA1
937ce9dc022841fa123583a0697577782798faa5
-
SHA256
668a77e56ffe7f4fbecbf20b6294ec109179aaa0bc17a946a4d981e07aa07b05
-
SHA512
f67b101fa47e7733affa7bbbb8a1234b3baae31a09196159ae4ca6e2eadde6ee5abdc2b63ff2bce099b917409aa2fadd18f5de8d6388c3e97a9472ffea584286
-
SSDEEP
1536:ZjDjWL4KAmZmKRZk2jEQuRiYIuMLxnp4mFW6D7Khma/hYd1KJ:ZjuL4OmqZk8peiYsLxn1a0wYdw
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
668a77e56ffe7f4fbecbf20b6294ec109179aaa0bc17a946a4d981e07aa07b05N.exe
-
Size
65KB
-
MD5
7261b53c688fd5017fe7bb848b4c1d80
-
SHA1
937ce9dc022841fa123583a0697577782798faa5
-
SHA256
668a77e56ffe7f4fbecbf20b6294ec109179aaa0bc17a946a4d981e07aa07b05
-
SHA512
f67b101fa47e7733affa7bbbb8a1234b3baae31a09196159ae4ca6e2eadde6ee5abdc2b63ff2bce099b917409aa2fadd18f5de8d6388c3e97a9472ffea584286
-
SSDEEP
1536:ZjDjWL4KAmZmKRZk2jEQuRiYIuMLxnp4mFW6D7Khma/hYd1KJ:ZjuL4OmqZk8peiYsLxn1a0wYdw
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5