General
-
Target
6248da6ac25725f57bfa17797f7d734c05a19757778dbe9b501177360e0e7aaa
-
Size
446KB
-
Sample
241226-hl4l9szjej
-
MD5
2caef2d80eeb263cf15e8e808bbc5617
-
SHA1
9b6c12439e1087e794ab3b520dd5f2492c4f9e2e
-
SHA256
6248da6ac25725f57bfa17797f7d734c05a19757778dbe9b501177360e0e7aaa
-
SHA512
ce80ac84933ad7f7d8b0da3841764e16681487fe9e86168da46f45793e5acd2f23417b97a8bbdb018b15f0ed665ce48a619c77dbc1e7c079a0393890fdb80550
-
SSDEEP
12288:jABlbRfkyyB+GCU68kAaGDRtBGjpDIJh44:j4lbhtyBHHAGDRtBGjpDIJh5
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
6248da6ac25725f57bfa17797f7d734c05a19757778dbe9b501177360e0e7aaa
-
Size
446KB
-
MD5
2caef2d80eeb263cf15e8e808bbc5617
-
SHA1
9b6c12439e1087e794ab3b520dd5f2492c4f9e2e
-
SHA256
6248da6ac25725f57bfa17797f7d734c05a19757778dbe9b501177360e0e7aaa
-
SHA512
ce80ac84933ad7f7d8b0da3841764e16681487fe9e86168da46f45793e5acd2f23417b97a8bbdb018b15f0ed665ce48a619c77dbc1e7c079a0393890fdb80550
-
SSDEEP
12288:jABlbRfkyyB+GCU68kAaGDRtBGjpDIJh44:j4lbhtyBHHAGDRtBGjpDIJh5
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5