General
- Target: 6ecfdd0aed73d1a4d29df556e27d1d23a2f99f56773b54ae291b64c136297a45.exe
- Size: 65KB
- Sample: 250205-clx7latqc1
- MD5: 33c21b2b5d346988ba2f45fde7fc752a
- SHA1: 159514fffb2a28a052558eb310e6d48be6201e45
- SHA256: 6ecfdd0aed73d1a4d29df556e27d1d23a2f99f56773b54ae291b64c136297a45
- SHA512: 3ef302fa9ebdccad4cb7ad8e45e8d885265e16200a67247d480d8f115e5490c49fe009ea9dbd41efc2f695ee659285d205069efbf44c69e4b9023637f13d7da8
- SSDEEP: 1536:pvxIejOBW6LOB5yzKCdUBGlb5+XMnitfoF3zkOuX:pxrOvs5y20t6Mg4DkOk
Static task: static1
Behavioral task: behavioral1
- Sample: 6ecfdd0aed73d1a4d29df556e27d1d23a2f99f56773b54ae291b64c136297a45.exe
- Resource: win7-20240903-en
Malware Config
Extracted family: sality
URLs from the extracted config:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 6ecfdd0aed73d1a4d29df556e27d1d23a2f99f56773b54ae291b64c136297a45.exe (same sample as listed under General)
- Modifies firewall policy service
- Sality family
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)