General
-
Target
d7c19599e574bb786dbe1120bdb499e12bd409f468333306ed3cc7a5d8216f17N.exe
-
Size
65KB
-
Sample
250202-sbcqxayman
-
MD5
365e25800fdc265fbdbd26aa6865c210
-
SHA1
49664a84e920a7bec0845deb0d5f8ace5caf9d59
-
SHA256
d7c19599e574bb786dbe1120bdb499e12bd409f468333306ed3cc7a5d8216f17
-
SHA512
b1f481097b3855b6240e53b3faa836210d21ca0f9f78af4b68e7f9f5e59715babb7f755f4096e00c47018628041d82e470f0ad91643b9b0ccaf0ea2f6a7d4a21
-
SSDEEP
1536:5mKZw/oN5U6IZruHCc7NoQR2hmeejL0QvEylaZal2X3LoLKnDSGoc:lqoTNoQIwplMylBE35nbR
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
d7c19599e574bb786dbe1120bdb499e12bd409f468333306ed3cc7a5d8216f17N.exe
-
Size
65KB
-
MD5
365e25800fdc265fbdbd26aa6865c210
-
SHA1
49664a84e920a7bec0845deb0d5f8ace5caf9d59
-
SHA256
d7c19599e574bb786dbe1120bdb499e12bd409f468333306ed3cc7a5d8216f17
-
SHA512
b1f481097b3855b6240e53b3faa836210d21ca0f9f78af4b68e7f9f5e59715babb7f755f4096e00c47018628041d82e470f0ad91643b9b0ccaf0ea2f6a7d4a21
-
SSDEEP
1536:5mKZw/oN5U6IZruHCc7NoQR2hmeejL0QvEylaZal2X3LoLKnDSGoc:lqoTNoQIwplMylBE35nbR
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5