General
Target: 3d3a16ef0b9ce2d956804f02424357db91b783763bbf932091e825594c8a8832
Size: 3.0MB
Sample: 250328-258j4sttfx
MD5: c5fe0c3a6f4a520236364bd3bbc953c9
SHA1: 11c2bde202ee604896bd211d182e80b12d4297aa
SHA256: 3d3a16ef0b9ce2d956804f02424357db91b783763bbf932091e825594c8a8832
SHA512: efdc03d8dd3568ab01af49ca699bab710255be5fed61fa8921f4ceb7b5ae1f509c9aed50a3eb8f99933b3fd6e83953a377c6af4b32b254e0755de5bbd7c418df
SSDEEP: 49152:nZ4rujE/CLlVl80CdSI3LdmLgWtAjkhAu86LqmQKzeFH/LNqAznwW2:n+ruj+CLflabdSgGho6OFGUwW2
Static task: static1
Behavioral task: behavioral1
Sample: 3d3a16ef0b9ce2d956804f02424357db91b783763bbf932091e825594c8a8832.exe
Resource: win7-20240903-en
Malware Config
Extracted family: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 3d3a16ef0b9ce2d956804f02424357db91b783763bbf932091e825594c8a8832
Size: 3.0MB
MD5: c5fe0c3a6f4a520236364bd3bbc953c9
SHA1: 11c2bde202ee604896bd211d182e80b12d4297aa
SHA256: 3d3a16ef0b9ce2d956804f02424357db91b783763bbf932091e825594c8a8832
SHA512: efdc03d8dd3568ab01af49ca699bab710255be5fed61fa8921f4ceb7b5ae1f509c9aed50a3eb8f99933b3fd6e83953a377c6af4b32b254e0755de5bbd7c418df
SSDEEP: 49152:nZ4rujE/CLlVl80CdSI3LdmLgWtAjkhAu86LqmQKzeFH/LNqAznwW2:n+ruj+CLflabdSgGho6OFGUwW2
Signatures:
Modifies firewall policy service
Sality family
UAC bypass
Windows security bypass
Windows security modification
Checks whether UAC is enabled
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 4
Disable or Modify System Firewall: 1
Disable or Modify Tools: 3
Modify Registry: 5