General
-
Target
a97e3a1c95a4c991f7003fe1d371d2bb3f4bc7e46095dec55ed2cb8ec7cf7033N.exe
-
Size
65KB
-
Sample
241226-xdc7nsvnal
-
MD5
34beedf729fe96e4373520f73f4bb020
-
SHA1
948d82dfd9c28bbfd06bfd6da6e23cd423896e12
-
SHA256
a97e3a1c95a4c991f7003fe1d371d2bb3f4bc7e46095dec55ed2cb8ec7cf7033
-
SHA512
54fdd8c97a1c4bba04e0287836ce1937bc6fc9b828eabebd9ce72ffe66dd9cb65ab4d49516d8dac7eb724fd582b3e503809ecd9f338ceb640b20b02f7104de47
-
SSDEEP
1536:JGjtEqXJ0fjxiOYoqDdOz7iHF8zD1LvEVgOPgx/89M0/U:sjdJ04D8z7iHwBzOkX08
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
a97e3a1c95a4c991f7003fe1d371d2bb3f4bc7e46095dec55ed2cb8ec7cf7033N.exe
-
Size
65KB
-
MD5
34beedf729fe96e4373520f73f4bb020
-
SHA1
948d82dfd9c28bbfd06bfd6da6e23cd423896e12
-
SHA256
a97e3a1c95a4c991f7003fe1d371d2bb3f4bc7e46095dec55ed2cb8ec7cf7033
-
SHA512
54fdd8c97a1c4bba04e0287836ce1937bc6fc9b828eabebd9ce72ffe66dd9cb65ab4d49516d8dac7eb724fd582b3e503809ecd9f338ceb640b20b02f7104de47
-
SSDEEP
1536:JGjtEqXJ0fjxiOYoqDdOz7iHF8zD1LvEVgOPgx/89M0/U:sjdJ04D8z7iHwBzOkX08
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5