General
Target: b4df48d0b5da0ad7720749f5bea9b39be454aaed93444f1a3377aa545f174824.exe
Size: 112KB
Sample: 250204-tlpnws1mdw
MD5: db00e5f5bce18b0288ee2c38e7e9abe4
SHA1: 0e17ff95821a5a6dc0640f8cccec4c8d3fe5434f
SHA256: b4df48d0b5da0ad7720749f5bea9b39be454aaed93444f1a3377aa545f174824
SHA512: 0f9d6aa7ace68b2e5d45eec8908025744308dfed5d03bdf099f28ef9daa9aa431069c3033e9e7df40dfd0ba58b6bb95982f6fd9406a28df871511a87741724ad
SSDEEP: 3072:UoTE6LcSj9gQjzk6/yIO3X0VQZNtX2XnMYPrYOH:Lnj9h3k6/iYQv9qMYPxH
Static task: static1
Behavioral task: behavioral1
Sample: b4df48d0b5da0ad7720749f5bea9b39be454aaed93444f1a3377aa545f174824.exe
Resource: win7-20240729-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: b4df48d0b5da0ad7720749f5bea9b39be454aaed93444f1a3377aa545f174824.exe
Sality family
UAC bypass
Checks whether UAC is enabled
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (1)
Disable or Modify Tools (1)
Modify Registry (2)