General
-
Target
7ada4503fc65c8891d26373cb53c7ff1015c583501e6514671b8560ddeb2e5bf
-
Size
3.0MB
-
Sample
250328-28r2javqs7
-
MD5
79cedf5c48a59b0688c38b0194758326
-
SHA1
a0b2f6a24552ff756e930ae0be27370981ee1981
-
SHA256
7ada4503fc65c8891d26373cb53c7ff1015c583501e6514671b8560ddeb2e5bf
-
SHA512
0ca11ef14c25ad9fa5bd8bef02d52dcc650f1d36a3a4bf68deaf07ec95ea1364e020e68dee10498c7208579d114e740deaff40c961f591d5532ab50a74cc5e1b
-
SSDEEP
49152:HZ4rujE/CLlVl80CdSI3LdmLgWtAjkhAL86LqmQKzeFH/LNqAznwmA:H+ruj+CLflabdSgGhB6OFGUwmA
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
7ada4503fc65c8891d26373cb53c7ff1015c583501e6514671b8560ddeb2e5bf
-
Size
3.0MB
-
MD5
79cedf5c48a59b0688c38b0194758326
-
SHA1
a0b2f6a24552ff756e930ae0be27370981ee1981
-
SHA256
7ada4503fc65c8891d26373cb53c7ff1015c583501e6514671b8560ddeb2e5bf
-
SHA512
0ca11ef14c25ad9fa5bd8bef02d52dcc650f1d36a3a4bf68deaf07ec95ea1364e020e68dee10498c7208579d114e740deaff40c961f591d5532ab50a74cc5e1b
-
SSDEEP
49152:HZ4rujE/CLlVl80CdSI3LdmLgWtAjkhAL86LqmQKzeFH/LNqAznwmA:H+ruj+CLflabdSgGhB6OFGUwmA
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5