General
Target: 6e0d25a9b9aa11a3fbb4ec1b17e73bc95cca814071309f6aaa3a7ce5f9556429
Size: 132KB
Sample: 250206-aq9ebayrbr
MD5: 9537863456f5de0c2a88d888971de11b
SHA1: 3da120e22765c6ee01a8235bc06778fb8f82d0ff
SHA256: 6e0d25a9b9aa11a3fbb4ec1b17e73bc95cca814071309f6aaa3a7ce5f9556429
SHA512: 36be42dd8608f14da55ff88728798ff8a5c8385b4f18f3a0e9f23c35c7bcaf6b5c766993df89cb12540e89ccab5f4505a22efec8968b7c85f00ef45cb75636ce
SSDEEP: 3072:tgIkv0lt28t2zhFG/UDJZK9IHW/0C98aiuVqhn2:Dl3yhI/OW/18u6
Static task: static1
Behavioral task: behavioral1
Sample: 6e0d25a9b9aa11a3fbb4ec1b17e73bc95cca814071309f6aaa3a7ce5f9556429.exe
Resource: win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 6e0d25a9b9aa11a3fbb4ec1b17e73bc95cca814071309f6aaa3a7ce5f9556429
Sality family
UAC bypass
Checks whether UAC is enabled
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (2)