General
-
Target
0d6af70d5fd577251e3af85ba33531c1382cdf80754463429849b0e844b8f3b7N.exe
-
Size
65KB
-
Sample
250202-k4tacsxjcl
-
MD5
04830c492d85f324a731be5ebb984b50
-
SHA1
47ba23812286d0c0134b5a5b0135ab4b11d734df
-
SHA256
0d6af70d5fd577251e3af85ba33531c1382cdf80754463429849b0e844b8f3b7
-
SHA512
0eff4985efc4ec2149735b895bf9209d5728625b4bc3896bc08456099df6d7123dfd16d4e59e7f231a5b5a15b6dd4fe9d4eedce4cfe6a977a904a1aa89c5c75a
-
SSDEEP
768:gHmApm2/mwlqUDAd78YtW9SR33yA7LIL1tDBdmHQcJ1q3Mkij3gI+7Ku0nOgDZjA:gGnYmwmd9R33YZ5BdsQcJk0rDuZgVk
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
0d6af70d5fd577251e3af85ba33531c1382cdf80754463429849b0e844b8f3b7N.exe
-
Size
65KB
-
MD5
04830c492d85f324a731be5ebb984b50
-
SHA1
47ba23812286d0c0134b5a5b0135ab4b11d734df
-
SHA256
0d6af70d5fd577251e3af85ba33531c1382cdf80754463429849b0e844b8f3b7
-
SHA512
0eff4985efc4ec2149735b895bf9209d5728625b4bc3896bc08456099df6d7123dfd16d4e59e7f231a5b5a15b6dd4fe9d4eedce4cfe6a977a904a1aa89c5c75a
-
SSDEEP
768:gHmApm2/mwlqUDAd78YtW9SR33yA7LIL1tDBdmHQcJ1q3Mkij3gI+7Ku0nOgDZjA:gGnYmwmd9R33YZ5BdsQcJk0rDuZgVk
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5