General
-
Target
c8738618b93613ebc2f8e53cf61326dad58246448b4a902a846c1aefe992d786
-
Size
348KB
-
Sample
241231-d9rv6awjg1
-
MD5
239f9b69cff9b615d0d137c7c4d95ab9
-
SHA1
b455019b0ae6e89fcc47ff31460dd49536c133b2
-
SHA256
c8738618b93613ebc2f8e53cf61326dad58246448b4a902a846c1aefe992d786
-
SHA512
013997c6697704f7d3a2053a28e22cf9b9b340ba5747638d340e03d982ee45053d685bd6440e978497996ba1436db58c2b87d54be3764175ea6a8490556caa2f
-
SSDEEP
6144:io+AdpbEPf4Qn65VGQgpYZPqIpSWZfX817+eiaGGPUVm:io3CPQosVhgwPqUeRDPum
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
c8738618b93613ebc2f8e53cf61326dad58246448b4a902a846c1aefe992d786
-
Size
348KB
-
MD5
239f9b69cff9b615d0d137c7c4d95ab9
-
SHA1
b455019b0ae6e89fcc47ff31460dd49536c133b2
-
SHA256
c8738618b93613ebc2f8e53cf61326dad58246448b4a902a846c1aefe992d786
-
SHA512
013997c6697704f7d3a2053a28e22cf9b9b340ba5747638d340e03d982ee45053d685bd6440e978497996ba1436db58c2b87d54be3764175ea6a8490556caa2f
-
SSDEEP
6144:io+AdpbEPf4Qn65VGQgpYZPqIpSWZfX817+eiaGGPUVm:io3CPQosVhgwPqUeRDPum
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5