General
-
Target
2adafd5a3a88e07984d6eb338c5c942c77caebcd05cefe4b7c1f292551b16c7a.exe
-
Size
3.0MB
-
Sample
250328-zvyaaa1xas
-
MD5
efea58cb52b38b9edbbf0597561e9da8
-
SHA1
137b08d3d80cd2ac40ca57357afd6b9269a0685a
-
SHA256
2adafd5a3a88e07984d6eb338c5c942c77caebcd05cefe4b7c1f292551b16c7a
-
SHA512
0223ed865e2a20e157070a96c7e9bf5c78d7541a7af5311bf61a91cdfcdb6d02a9abdfd5166dac74d1f8bfa3b61ea84b5ef0371fc038ca995f850fccc892c047
-
SSDEEP
49152:3Z4rujE/CLlVl80CdSI3LdmLgWtAjkhAF86LqmQKzeFH/LNqAznwjp:3+ruj+CLflabdSgGhb6OFGUwjp
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2adafd5a3a88e07984d6eb338c5c942c77caebcd05cefe4b7c1f292551b16c7a.exe
-
Size
3.0MB
-
MD5
efea58cb52b38b9edbbf0597561e9da8
-
SHA1
137b08d3d80cd2ac40ca57357afd6b9269a0685a
-
SHA256
2adafd5a3a88e07984d6eb338c5c942c77caebcd05cefe4b7c1f292551b16c7a
-
SHA512
0223ed865e2a20e157070a96c7e9bf5c78d7541a7af5311bf61a91cdfcdb6d02a9abdfd5166dac74d1f8bfa3b61ea84b5ef0371fc038ca995f850fccc892c047
-
SSDEEP
49152:3Z4rujE/CLlVl80CdSI3LdmLgWtAjkhAF86LqmQKzeFH/LNqAznwjp:3+ruj+CLflabdSgGhb6OFGUwjp
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5