General
-
Target
3d236e7606d065ae91e5e16a83169532b41290ba612000d20ee4124338f4c44f
-
Size
2.0MB
-
Sample
250205-a3vfxssldr
-
MD5
56d750b59b4e7a2a5c3866c18b8bfda5
-
SHA1
95e9e65f7c479a403e30ebf8f2af1aabce6bc04b
-
SHA256
3d236e7606d065ae91e5e16a83169532b41290ba612000d20ee4124338f4c44f
-
SHA512
8d1a83b8e0dafdc6d058d0dc60f3bcd3844fd2c58e179ff5b2007349a13dd3eb8c7089b7489855f6deb7555fdf09cf3e3b7e5c16052d8b06c4a6c6e3530fb1b6
-
SSDEEP
49152:+3D0aSMKIahuAKxtseEC4sF5Z6EH2soigq8b+lNaX3cj+X2bNRq54X7HaantYX:C3SMKIahuNtUCXF5Z6EH2sRUb+lNaX3L
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
3d236e7606d065ae91e5e16a83169532b41290ba612000d20ee4124338f4c44f
-
Size
2.0MB
-
MD5
56d750b59b4e7a2a5c3866c18b8bfda5
-
SHA1
95e9e65f7c479a403e30ebf8f2af1aabce6bc04b
-
SHA256
3d236e7606d065ae91e5e16a83169532b41290ba612000d20ee4124338f4c44f
-
SHA512
8d1a83b8e0dafdc6d058d0dc60f3bcd3844fd2c58e179ff5b2007349a13dd3eb8c7089b7489855f6deb7555fdf09cf3e3b7e5c16052d8b06c4a6c6e3530fb1b6
-
SSDEEP
49152:+3D0aSMKIahuAKxtseEC4sF5Z6EH2soigq8b+lNaX3cj+X2bNRq54X7HaantYX:C3SMKIahuNtUCXF5Z6EH2sRUb+lNaX3L
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5