General
-
Target
831d03a060bcacaf8d49cbb38955ff6a0fc8356fc0c4e64e56a66f3066519a3cN.exe
-
Size
65KB
-
Sample
250201-rgbv5axmdk
-
MD5
c2b505598d9ead932df8a4cdafc2ae20
-
SHA1
98e4e8ed88291ca63c82f93294c1d8e158303044
-
SHA256
831d03a060bcacaf8d49cbb38955ff6a0fc8356fc0c4e64e56a66f3066519a3c
-
SHA512
a83ac4e24a331f960cc1efadf410fb5be90c94bd9ab88b7709cefd8bf3e61dd3157690b942f7af69fea606f7794b68de45f488fdfa5e2f3b830daa401790122d
-
SSDEEP
1536:Q7qv3stPfcbdV2f0dP3OrzGOx1BRxcd9YlwpT:Q7k2cbz2fYeryOhRad9YSpT
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
831d03a060bcacaf8d49cbb38955ff6a0fc8356fc0c4e64e56a66f3066519a3cN.exe
-
Size
65KB
-
MD5
c2b505598d9ead932df8a4cdafc2ae20
-
SHA1
98e4e8ed88291ca63c82f93294c1d8e158303044
-
SHA256
831d03a060bcacaf8d49cbb38955ff6a0fc8356fc0c4e64e56a66f3066519a3c
-
SHA512
a83ac4e24a331f960cc1efadf410fb5be90c94bd9ab88b7709cefd8bf3e61dd3157690b942f7af69fea606f7794b68de45f488fdfa5e2f3b830daa401790122d
-
SSDEEP
1536:Q7qv3stPfcbdV2f0dP3OrzGOx1BRxcd9YlwpT:Q7k2cbz2fYeryOhRad9YSpT
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5