General
-
Target
9af3a06787c32483f0b2bb516df5d3e78de72215efe7a183d512406aa6b26cfc
-
Size
120KB
-
Sample
241229-cntxysyqez
-
MD5
5744aebab236b969abc08da4a88c3745
-
SHA1
340df8644e6bfcec8487f7a91409cb0c3d53cc7e
-
SHA256
9af3a06787c32483f0b2bb516df5d3e78de72215efe7a183d512406aa6b26cfc
-
SHA512
2c179fcc0b4ac126fb42edf9c5c53ff1bddb61a980f5a37d0b460b84b272bf18d2e0d143ead308d339975fce2f76fb039cf41f9470e5be55a586b31efaccd75c
-
SSDEEP
1536:41dVfjrQlgLiV1GLgnhBv9pB8q/JZ/qYK/bBOtR5BGqYlowz6g3tWkhu6DIR9O8:uJQa7gnHrBJ/XqYa1kRKq6o2Xu6cR9R
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
9af3a06787c32483f0b2bb516df5d3e78de72215efe7a183d512406aa6b26cfc
-
Size
120KB
-
MD5
5744aebab236b969abc08da4a88c3745
-
SHA1
340df8644e6bfcec8487f7a91409cb0c3d53cc7e
-
SHA256
9af3a06787c32483f0b2bb516df5d3e78de72215efe7a183d512406aa6b26cfc
-
SHA512
2c179fcc0b4ac126fb42edf9c5c53ff1bddb61a980f5a37d0b460b84b272bf18d2e0d143ead308d339975fce2f76fb039cf41f9470e5be55a586b31efaccd75c
-
SSDEEP
1536:41dVfjrQlgLiV1GLgnhBv9pB8q/JZ/qYK/bBOtR5BGqYlowz6g3tWkhu6DIR9O8:uJQa7gnHrBJ/XqYa1kRKq6o2Xu6cR9R
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5