General
Target: 2025-04-05_8c270007995c173c153aac8bd051b290_icedid
Size: 390KB
Sample: 250405-b3zlbaxxhs
MD5: 8c270007995c173c153aac8bd051b290
SHA1: 4516869a4eda0fd33833997426d466c134c1c960
SHA256: ecaa8910f93d792e7327cdb9a573da22150024d9d9bc5b37d4a0bf1491e2f9cf
SHA512: 79fd123234ae9a6a1200b9a1fb7113abb3672368d523a95f754299c5c968b99b4ac4e36fedf9e86da4811d0ae5fb4b9784c295eff3e25cd5fdeb1a16056323aa
SSDEEP: 6144:CznAtGqS5NjM2KbQbNYuhZ+6+eAbuQ5Zu60HnPLhDKWK7zDIUiLn9FUdBn:CTLnp+BCQ5Zu60HnP1CzRiT9FUzn
Static task: static1
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
Target: 2025-04-05_8c270007995c173c153aac8bd051b290_icedid (hashes as listed under General above)
Signatures:
- Modifies firewall policy service
- Sality family
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)