General
-
Target
99e3c9fa3f34d684d88e6c48b31cab47350d78d7437947bc7894663de2f171a4
-
Size
3.0MB
-
Sample
250328-z6s5ps1yas
-
MD5
2e7e81d140f2bd9bcc1633a207ef9b23
-
SHA1
4e17af5ad3a12e5aa36778daf2cc2054d2f4763a
-
SHA256
99e3c9fa3f34d684d88e6c48b31cab47350d78d7437947bc7894663de2f171a4
-
SHA512
086ed004cae8a0aa2d635ba7d31cd57425b27b5a89f10c0ded9e422d9ae7b0977da51e2baacae09460ecfa2ad19a016c8dfabc748243b9a3272f97937d613630
-
SSDEEP
49152:9Z4rujE/CLlVl80CdSI3LdmLgWtAjkhAN86LqmQKzeFH/LNqAznwn90d:9+ruj+CLflabdSgGhj6OFGUwn90d
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
99e3c9fa3f34d684d88e6c48b31cab47350d78d7437947bc7894663de2f171a4
-
Size
3.0MB
-
MD5
2e7e81d140f2bd9bcc1633a207ef9b23
-
SHA1
4e17af5ad3a12e5aa36778daf2cc2054d2f4763a
-
SHA256
99e3c9fa3f34d684d88e6c48b31cab47350d78d7437947bc7894663de2f171a4
-
SHA512
086ed004cae8a0aa2d635ba7d31cd57425b27b5a89f10c0ded9e422d9ae7b0977da51e2baacae09460ecfa2ad19a016c8dfabc748243b9a3272f97937d613630
-
SSDEEP
49152:9Z4rujE/CLlVl80CdSI3LdmLgWtAjkhAN86LqmQKzeFH/LNqAznwn90d:9+ruj+CLflabdSgGhj6OFGUwn90d
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5