General
-
Target
2008cb1d908ce73aea5789b93ea49b8adbfa50e3026f1b068c2058a505f42ded
-
Size
460KB
-
Sample
241226-my8tzatmax
-
MD5
310b0b81bc40ee9c5265afb3b0e9505f
-
SHA1
208c893a523cbc1d3762b99dfb944fa586b2ebda
-
SHA256
2008cb1d908ce73aea5789b93ea49b8adbfa50e3026f1b068c2058a505f42ded
-
SHA512
160aa88da514c66bb414b454cf5b7b59e757555f62657a238903e7809f36155c588b0eb56c51be888fc99f6b0714ee4f44af520ae740703f3207363c149ecc02
-
SSDEEP
12288:AEgH5Xgff6EMiFgx/yRatkHoFTUgdD+LRv/d:AEEgqEMi+yRatkeYSC1d
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2008cb1d908ce73aea5789b93ea49b8adbfa50e3026f1b068c2058a505f42ded
-
Size
460KB
-
MD5
310b0b81bc40ee9c5265afb3b0e9505f
-
SHA1
208c893a523cbc1d3762b99dfb944fa586b2ebda
-
SHA256
2008cb1d908ce73aea5789b93ea49b8adbfa50e3026f1b068c2058a505f42ded
-
SHA512
160aa88da514c66bb414b454cf5b7b59e757555f62657a238903e7809f36155c588b0eb56c51be888fc99f6b0714ee4f44af520ae740703f3207363c149ecc02
-
SSDEEP
12288:AEgH5Xgff6EMiFgx/yRatkHoFTUgdD+LRv/d:AEEgqEMi+yRatkeYSC1d
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5