General
-
Target
bd9d6d2a93d654cc0df5c71864b5018ad618048f1992673ddbc6562e01dd5007N.exe
-
Size
65KB
-
Sample
250201-3yxppsxrbq
-
MD5
494ae3247c743693517233156ce2b500
-
SHA1
4381c79d157d6a144f41c4e764620ff814013cec
-
SHA256
bd9d6d2a93d654cc0df5c71864b5018ad618048f1992673ddbc6562e01dd5007
-
SHA512
e40f965cd7fa4bf5a005e4bbd3c68a11fa325f8fc7e7360e38ac45ebb03e51cb6c22ccc2adfb35ec0a1d2b2b783835fa92ace9351fc01955f37b702ca422bde7
-
SSDEEP
1536:Am+WZd0NqxCiwPxrZmulp44QI7e9X3tBQbAmf:FZiUxfwPNZxvQI7mX3obpf
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
bd9d6d2a93d654cc0df5c71864b5018ad618048f1992673ddbc6562e01dd5007N.exe
-
Size
65KB
-
MD5
494ae3247c743693517233156ce2b500
-
SHA1
4381c79d157d6a144f41c4e764620ff814013cec
-
SHA256
bd9d6d2a93d654cc0df5c71864b5018ad618048f1992673ddbc6562e01dd5007
-
SHA512
e40f965cd7fa4bf5a005e4bbd3c68a11fa325f8fc7e7360e38ac45ebb03e51cb6c22ccc2adfb35ec0a1d2b2b783835fa92ace9351fc01955f37b702ca422bde7
-
SSDEEP
1536:Am+WZd0NqxCiwPxrZmulp44QI7e9X3tBQbAmf:FZiUxfwPNZxvQI7mX3obpf
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5