General
Target: c576a8135576e362419ef87c421564f1adad23a98d8176f789863a67cd8380f3.exe
Size: 65KB
Sample: 250201-mtvrjsylg1
MD5: f4e93425898138ddc1b78f0ed0a61b97
SHA1: 730d929a4631f2be343554fe0169f327dce9c749
SHA256: c576a8135576e362419ef87c421564f1adad23a98d8176f789863a67cd8380f3
SHA512: 7c8ade006de60365c1d529ff6a08dbad29259c6c65d92cb0e61f6864db43bae495e62a4f8a47a419d40b4429269f2cc273d3891c239e21d700aec1fab2c6fda5
SSDEEP: 1536:bdkY4GxQThmLf2+GA4+HHoBAqFWtzWHi1Go8Vgdn6bTXthaAuD:bXxGmLfrHcXWRWhNbzt0AU
Static task: static1
Behavioral task: behavioral1
Sample: c576a8135576e362419ef87c421564f1adad23a98d8176f789863a67cd8380f3.exe
Resource: win7-20240903-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
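Added example, not part of the sandbox report and not code from the Sality sample: a Python triage helper that recomputes the four digests listed under General to confirm that a file in hand really is this sample, and then sweeps proxy log lines for the hosts in the extracted config. The hashes and URLs are copied from this report; the proxy log format, the internal IP addresses and the log lines themselves are constructed for the example.

```python
"""Triage helper for this report: verify the sample by hash and hunt proxy
logs for the extracted Sality config hosts."""
import hashlib
from urllib.parse import urlparse

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "f4e93425898138ddc1b78f0ed0a61b97",
    "sha1": "730d929a4631f2be343554fe0169f327dce9c749",
    "sha256": "c576a8135576e362419ef87c421564f1adad23a98d8176f789863a67cd8380f3",
    "sha512": "7c8ade006de60365c1d529ff6a08dbad29259c6c65d92cb0e61f6864db43bae495e62a4f8a47a419d40b4429269f2cc273d3891c239e21d700aec1fab2c6fda5",
}

# URLs from the report's extracted Sality config.
CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest in `expected` matches the recomputed one.

    Checking all four guards against a report whose hashes were copied with
    one digest mangled; a single disagreement is enough to reject the file.
    """
    actual = hash_bytes(data)
    return all(actual[name] == value.lower() for name, value in expected.items())


def ioc_hosts(urls=CONFIG_URLS) -> set:
    """Host part of each config URL, lower-cased, for host-level matching."""
    return {urlparse(u).hostname.lower() for u in urls}


def scan_proxy_log(lines, urls=CONFIG_URLS) -> list:
    """Sweep proxy log lines of the constructed form '<time> <src_ip> <url> <status>'.

    A line is a hit when the requested host is one of the config hosts, so
    other paths on the same infrastructure are not missed; `exact` records
    whether the full URL is one listed in the config, which separates a beacon
    identical to the report from other traffic to the same host.
    """
    hosts = ioc_hosts(urls)
    exact_urls = set(urls)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line: skip it rather than abort the sweep
        when, src, url = fields[0], fields[1], fields[2]
        host = (urlparse(url).hostname or "").lower()
        if host in hosts:
            hits.append({"time": when, "src": src, "url": url, "exact": url in exact_urls})
    return hits


# Constructed proxy log lines (not from the report) to exercise the sweep.
SAMPLE_LOG = [
    "2025-02-01T10:14:03Z 10.0.0.25 http://kukutrustnet777.info/home.gif 200",
    "2025-02-01T10:14:05Z 10.0.0.25 http://89.119.67.154/testo5/ 404",
    "2025-02-01T10:15:00Z 10.0.0.31 http://example.com/index.html 200",
    "2025-02-01T10:16:21Z 10.0.0.25 http://KukuTrustNet987.info/other.gif 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Matching on host rather than full URL is deliberate: the report lists one path per host, but a 404 on a listed path (as in the second constructed line) is still a beacon from an infected machine, and a different path on a listed host is still worth a look.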
Targets
Target: c576a8135576e362419ef87c421564f1adad23a98d8176f789863a67cd8380f3.exe (65KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures:
- Modifies firewall policy service
- Sality family
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Create or Modify System Process, T1543 (1)
  - Windows Service, T1543.003 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (4)
  - Disable or Modify System Firewall, T1562.004 (1)
  - Disable or Modify Tools, T1562.001 (3)
- Modify Registry, T1112 (5)