General
- Target: 17b5d7c3a3efd4d4d7f1721faefb9248538ea42fc675ae204d0db790c231b2e4
- Size: 97KB
- Sample: 250125-y4v1vazrfm
- MD5: c77ea3f7558f036022946aa2a37bb8be
- SHA1: 5aaeb504de363edfc7c84183e23c0d8ccf68fdfe
- SHA256: 17b5d7c3a3efd4d4d7f1721faefb9248538ea42fc675ae204d0db790c231b2e4
- SHA512: 657229d4969e9ea98de0f240cb053d02ec3e8f2cd71d346fd97892127c4ecadf186225f267ba555d771684634623473e54d3d9405cb83e7d1d29e904f8e981c8
- SSDEEP: 1536:ft4lbnjLG/xktM4VUg0svhj0TofkM6YMlk9Lx+rIe61eftIDzUK7tyH7jn:fmnjWS5Vb03T309Lx+r/nFKZ+
Static task: static1
Behavioral task: behavioral1
- Sample: 17b5d7c3a3efd4d4d7f1721faefb9248538ea42fc675ae204d0db790c231b2e4.exe
- Resource: win7-20240903-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 17b5d7c3a3efd4d4d7f1721faefb9248538ea42fc675ae204d0db790c231b2e4
Signatures
- Modifies firewall policy service
- Sality family
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)