General
-
Target
743ed30f083e4f5ba6fca45ea6dd2c5242e706edef31d1d50c812db771a5427d
-
Size
1.4MB
-
Sample
250101-hmjcqazqej
-
MD5
5d04c0f38764758baa89c4f5cddb91a1
-
SHA1
0815d6dc3eca0d03000aae95ab79e07330281cd7
-
SHA256
743ed30f083e4f5ba6fca45ea6dd2c5242e706edef31d1d50c812db771a5427d
-
SHA512
6b733d6851aef9ec38d0a2481b152cf1c5e57fd1bd49ab0c3f6a56c8e3d607da5f5ac48a154a52e6f591f731ab9438a44543dd040055edce3935c39acccce9df
-
SSDEEP
24576:HtgWpV9LbbMHrPC+Nu321XEGZ6L9goSpAmkf2g1wWhq:HtBb2Wl32FrZ6L/SpAmkug1wWQ
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
743ed30f083e4f5ba6fca45ea6dd2c5242e706edef31d1d50c812db771a5427d
-
Size
1.4MB
-
MD5
5d04c0f38764758baa89c4f5cddb91a1
-
SHA1
0815d6dc3eca0d03000aae95ab79e07330281cd7
-
SHA256
743ed30f083e4f5ba6fca45ea6dd2c5242e706edef31d1d50c812db771a5427d
-
SHA512
6b733d6851aef9ec38d0a2481b152cf1c5e57fd1bd49ab0c3f6a56c8e3d607da5f5ac48a154a52e6f591f731ab9438a44543dd040055edce3935c39acccce9df
-
SSDEEP
24576:HtgWpV9LbbMHrPC+Nu321XEGZ6L9goSpAmkf2g1wWhq:HtBb2Wl32FrZ6L/SpAmkug1wWQ
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5