General
-
Target
bf209786a5542dc913ae829e0d1a0ada90a7f9c62fd04d1408619e903dd97bc6.exe
-
Size
65KB
-
Sample
241230-2wbh1sspar
-
MD5
f7004de7ea986ebbedbf764094221399
-
SHA1
e16c033cdcbfb93c58a10b5b2388a834f8dfe031
-
SHA256
bf209786a5542dc913ae829e0d1a0ada90a7f9c62fd04d1408619e903dd97bc6
-
SHA512
ef8d352ba244126bdfed0ece6b33d3543d87e68349a267f8c1b56982cab2981e627981bce8ee8e36b4d7575c192037c03657700e57da7674aa074398b3b5de10
-
SSDEEP
1536:K8VlsybzNUYpup7FcMzWr41NMy5D0ycRPLuYresuCt:FVlLVp2hcMzWs1j5YyW/uCt
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
bf209786a5542dc913ae829e0d1a0ada90a7f9c62fd04d1408619e903dd97bc6.exe
-
Size
65KB
-
MD5
f7004de7ea986ebbedbf764094221399
-
SHA1
e16c033cdcbfb93c58a10b5b2388a834f8dfe031
-
SHA256
bf209786a5542dc913ae829e0d1a0ada90a7f9c62fd04d1408619e903dd97bc6
-
SHA512
ef8d352ba244126bdfed0ece6b33d3543d87e68349a267f8c1b56982cab2981e627981bce8ee8e36b4d7575c192037c03657700e57da7674aa074398b3b5de10
-
SSDEEP
1536:K8VlsybzNUYpup7FcMzWr41NMy5D0ycRPLuYresuCt:FVlLVp2hcMzWs1j5YyW/uCt
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5