General
-
Target
0795bc52b2e4acdf7407db9d5cd665efba39c32135a156e560f5544e4b5be398
-
Size
802KB
-
Sample
241220-g4lnqsspaq
-
MD5
6b1a1a8882158bd7c4948344fdf95167
-
SHA1
a8f8c5fefe2c24cfba38ac16536a7d459aed3182
-
SHA256
0795bc52b2e4acdf7407db9d5cd665efba39c32135a156e560f5544e4b5be398
-
SHA512
35e89d66b9d21641d43e9de46e4956500567d657a0cfca12c62f88f50131d7f44c2d25a350eab7745bd340b36722b0d42ab385ec15b9db15209fb56594d8a0de
-
SSDEEP
12288:wITsqgmDWSpR+Gqv1gOSJVSKdet5RVu5ihnYQspCp9qWvX9fRBAq8Y:wIXgCWSpRyvdSJVDsVu5unzqWvX1CY
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
0795bc52b2e4acdf7407db9d5cd665efba39c32135a156e560f5544e4b5be398
-
Size
802KB
-
MD5
6b1a1a8882158bd7c4948344fdf95167
-
SHA1
a8f8c5fefe2c24cfba38ac16536a7d459aed3182
-
SHA256
0795bc52b2e4acdf7407db9d5cd665efba39c32135a156e560f5544e4b5be398
-
SHA512
35e89d66b9d21641d43e9de46e4956500567d657a0cfca12c62f88f50131d7f44c2d25a350eab7745bd340b36722b0d42ab385ec15b9db15209fb56594d8a0de
-
SSDEEP
12288:wITsqgmDWSpR+Gqv1gOSJVSKdet5RVu5ihnYQspCp9qWvX9fRBAq8Y:wIXgCWSpRyvdSJVDsVu5unzqWvX1CY
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5