General
-
Target
2025-02-18_be3d4313224a000c4f98d7368d9b1dce_icedid
-
Size
3.1MB
-
Sample
250218-ld4tva1js7
-
MD5
be3d4313224a000c4f98d7368d9b1dce
-
SHA1
39d01996c6f6f58b632ef8349e85cd654407781b
-
SHA256
5cd4702118c829844f1c7df478873aa665065a2ca294967ea7897220053f9280
-
SHA512
4bef82cdebc86bac32da48ce67ccd5b2c8d15df243e2f95d7478307dba505539a7db1173a0831ff04b5ba12b4970c4f1d24a9df19b61bdffb91fc89fd2d2ddfe
-
SSDEEP
24576:tiavoBsWMh+WRL1jO/tM04HZMjQCFdoh+x0k152Hn/vM/vyi7uVo6CoG2km45ux8:6wJRkXewos2igH/vQyNvsETCtEw
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
2025-02-18_be3d4313224a000c4f98d7368d9b1dce_icedid
-
Size
3.1MB
-
MD5
be3d4313224a000c4f98d7368d9b1dce
-
SHA1
39d01996c6f6f58b632ef8349e85cd654407781b
-
SHA256
5cd4702118c829844f1c7df478873aa665065a2ca294967ea7897220053f9280
-
SHA512
4bef82cdebc86bac32da48ce67ccd5b2c8d15df243e2f95d7478307dba505539a7db1173a0831ff04b5ba12b4970c4f1d24a9df19b61bdffb91fc89fd2d2ddfe
-
SSDEEP
24576:tiavoBsWMh+WRL1jO/tM04HZMjQCFdoh+x0k152Hn/vM/vyi7uVo6CoG2km45ux8:6wJRkXewos2igH/vQyNvsETCtEw
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5