General
-
Target
d752daf1abb774492abf542fdebb0f0171c88433f906e07a3bee276100802a5d
-
Size
1.7MB
-
Sample
241230-r789baxpdj
-
MD5
9bb354ef015296fb6fa8532a19db0729
-
SHA1
4e2bdc58be34c327edf09f3d1f1ec391a52d0a67
-
SHA256
d752daf1abb774492abf542fdebb0f0171c88433f906e07a3bee276100802a5d
-
SHA512
f4633cbd5379f4f8d45f336e403a84ada72ddc21f7e123344ffe95ede6fd75c206dc84a59570e91b45140e9146138bdf2ab1d3bdd960bef822f0d8fcd8cbb308
-
SSDEEP
24576:2UsgU2g/vBGiXTH5A2PyMuWdsL7P6QQhxKIEUmsxdvpDV8LBnmbTZxil3BMzlueF:2UtU2WKwHuNH+HK8Xdv1lbTZKMzlueF
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
d752daf1abb774492abf542fdebb0f0171c88433f906e07a3bee276100802a5d
-
Size
1.7MB
-
MD5
9bb354ef015296fb6fa8532a19db0729
-
SHA1
4e2bdc58be34c327edf09f3d1f1ec391a52d0a67
-
SHA256
d752daf1abb774492abf542fdebb0f0171c88433f906e07a3bee276100802a5d
-
SHA512
f4633cbd5379f4f8d45f336e403a84ada72ddc21f7e123344ffe95ede6fd75c206dc84a59570e91b45140e9146138bdf2ab1d3bdd960bef822f0d8fcd8cbb308
-
SSDEEP
24576:2UsgU2g/vBGiXTH5A2PyMuWdsL7P6QQhxKIEUmsxdvpDV8LBnmbTZxil3BMzlueF:2UtU2WKwHuNH+HK8Xdv1lbTZKMzlueF
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5