General
- Target: 48d4f2aa48d69e86fa5a2c4afae11ec550424170de8cf1c4f9ab8da47c763fb1
- Size: 3.0MB
- Sample: 250328-255hfsvpw3
- MD5: a5006a0b5db2799d8255ee7177c26540
- SHA1: d03d3b1b9e8f8bb705fcbb41d140fd5a43ebd4c4
- SHA256: 48d4f2aa48d69e86fa5a2c4afae11ec550424170de8cf1c4f9ab8da47c763fb1
- SHA512: 774d74e6877fb89779e6c492f393d39776463e57a409a00d8e59e0592071152cec3ae2816f5119aad396a09b6ce2a522a9ae0ac7cdf272fd1c96f15c3a9466b2
- SSDEEP: 49152:+Z4rujE/CLlVl80CdSI3LdmLgWtAjkhAy86LqmQKzeFH/LNqAznwjkv:++ruj+CLflabdSgGhY6OFGUwjkv
Static task: static1
Behavioral task: behavioral1
- Sample: 48d4f2aa48d69e86fa5a2c4afae11ec550424170de8cf1c4f9ab8da47c763fb1.exe
- Resource: win7-20240903-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 48d4f2aa48d69e86fa5a2c4afae11ec550424170de8cf1c4f9ab8da47c763fb1
- Size: 3.0MB
- MD5: a5006a0b5db2799d8255ee7177c26540
- SHA1: d03d3b1b9e8f8bb705fcbb41d140fd5a43ebd4c4
- SHA256: 48d4f2aa48d69e86fa5a2c4afae11ec550424170de8cf1c4f9ab8da47c763fb1
- SHA512: 774d74e6877fb89779e6c492f393d39776463e57a409a00d8e59e0592071152cec3ae2816f5119aad396a09b6ce2a522a9ae0ac7cdf272fd1c96f15c3a9466b2
- SSDEEP: 49152:+Z4rujE/CLlVl80CdSI3LdmLgWtAjkhAy86LqmQKzeFH/LNqAznwjkv:++ruj+CLflabdSgGhY6OFGUwjkv
Signatures
- Modifies firewall policy service
- Sality family
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)