General
-
Target
7a91254a860cef619f30c0d62eda5f661c20e07ff3e580543472d193e7295593
-
Size
1.7MB
-
Sample
241229-s66mgatrfj
-
MD5
c23aadf5b99ebd0e134682ad2bd035fa
-
SHA1
904f20a05bebaa356f87e4eeaa99243dd4117301
-
SHA256
7a91254a860cef619f30c0d62eda5f661c20e07ff3e580543472d193e7295593
-
SHA512
77121447a06e970537f5b5e0c8fd2e9ba05aac02cce5bd9927b8f6933d90afe0c69fc5e16d18b643a3835686fc827c7bc83bab9c52d55c60a8b7145981f07ec5
-
SSDEEP
49152:BdwfTC1k9gfda3S/OcvebT9+4EbOi2l8zGJNDAhDsa:ECaOfd9/3vMP5a
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
7a91254a860cef619f30c0d62eda5f661c20e07ff3e580543472d193e7295593
-
Size
1.7MB
-
MD5
c23aadf5b99ebd0e134682ad2bd035fa
-
SHA1
904f20a05bebaa356f87e4eeaa99243dd4117301
-
SHA256
7a91254a860cef619f30c0d62eda5f661c20e07ff3e580543472d193e7295593
-
SHA512
77121447a06e970537f5b5e0c8fd2e9ba05aac02cce5bd9927b8f6933d90afe0c69fc5e16d18b643a3835686fc827c7bc83bab9c52d55c60a8b7145981f07ec5
-
SSDEEP
49152:BdwfTC1k9gfda3S/OcvebT9+4EbOi2l8zGJNDAhDsa:ECaOfd9/3vMP5a
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5