General
-
Target
1f92902f398114d4d40576727c94c6d0c2d1c943bf065c8a926fd4c4539f6f96
-
Size
3.0MB
-
Sample
250328-27nygstvaw
-
MD5
18f2e280f0d284b0cdc7d1b86b7afabd
-
SHA1
8eb003bf9e114b9e2e0f2482848ab2343ac19c3a
-
SHA256
1f92902f398114d4d40576727c94c6d0c2d1c943bf065c8a926fd4c4539f6f96
-
SHA512
4adee3170aec9f12474a716cee152ab7f860cbe783dd75291c03649b0e6e44b8561222a2609d22a4d6b7974e56ecfdf1b163b86d8a67d5a480ec8a065d3852ca
-
SSDEEP
49152:xZ4rujE/CLlVl80CdSI3LdmLgWtAjkhAc86LqmQKzeFH/LNqAznw1/:x+ruj+CLflabdSgGhy6OFGUw1
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
1f92902f398114d4d40576727c94c6d0c2d1c943bf065c8a926fd4c4539f6f96
-
Size
3.0MB
-
MD5
18f2e280f0d284b0cdc7d1b86b7afabd
-
SHA1
8eb003bf9e114b9e2e0f2482848ab2343ac19c3a
-
SHA256
1f92902f398114d4d40576727c94c6d0c2d1c943bf065c8a926fd4c4539f6f96
-
SHA512
4adee3170aec9f12474a716cee152ab7f860cbe783dd75291c03649b0e6e44b8561222a2609d22a4d6b7974e56ecfdf1b163b86d8a67d5a480ec8a065d3852ca
-
SSDEEP
49152:xZ4rujE/CLlVl80CdSI3LdmLgWtAjkhAc86LqmQKzeFH/LNqAznw1/:x+ruj+CLflabdSgGhy6OFGUw1
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5