General
-
Target
485b083fdaca55d177d1c6a1923077509bf29269eb62405609af2ad786bf1c19
-
Size
1.2MB
-
Sample
241226-1rjhdssjcx
-
MD5
143127f98918b3d96de0c37675e99bf8
-
SHA1
c1c9bd02abb683e854310f3f6dc34a9dd9948c40
-
SHA256
485b083fdaca55d177d1c6a1923077509bf29269eb62405609af2ad786bf1c19
-
SHA512
9ba9349fcc35f7098da03d18f086895ebd9253da33099d4bcee388cc6deebb36160df0adb2b950b9f4399344bc5cc4d81c879263e706974b2c30495129a750bb
-
SSDEEP
12288:m61PUJjbEUN08GPLnRLwAdwA1jJVoz7jnGa42IXEbh1nqoSUxwrBKvinWxuR3swM:mGUJc/F0vGaQ2jnqoSUxwKiy2cKkv
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
485b083fdaca55d177d1c6a1923077509bf29269eb62405609af2ad786bf1c19
-
Size
1.2MB
-
MD5
143127f98918b3d96de0c37675e99bf8
-
SHA1
c1c9bd02abb683e854310f3f6dc34a9dd9948c40
-
SHA256
485b083fdaca55d177d1c6a1923077509bf29269eb62405609af2ad786bf1c19
-
SHA512
9ba9349fcc35f7098da03d18f086895ebd9253da33099d4bcee388cc6deebb36160df0adb2b950b9f4399344bc5cc4d81c879263e706974b2c30495129a750bb
-
SSDEEP
12288:m61PUJjbEUN08GPLnRLwAdwA1jJVoz7jnGa42IXEbh1nqoSUxwrBKvinWxuR3swM:mGUJc/F0vGaQ2jnqoSUxwKiy2cKkv
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5