General
-
Target
9defa6c66286b68593b31dc63f38fddb2eba59668fc40afb0373962170a94fd2
-
Size
736KB
-
Sample
240629-ctz16asbmn
-
MD5
114717be0204aa9a9aec83d09c36ea99
-
SHA1
fa0223b126a3d5d372d6bdaff69d378b0a8f8f02
-
SHA256
9defa6c66286b68593b31dc63f38fddb2eba59668fc40afb0373962170a94fd2
-
SHA512
5fc721fe3d9eea3f58c7f4bfb15ccb492b6e00aeba37369be492eb3d8646e0d5dc353f90009de4ce2993d246213385e842e13de4f58e1c153299c21739b9c809
-
SSDEEP
12288:2i0NjlGoLZoaT3Ke/wubOvu5Sb44OeG3SUBFNPPJHh9j:2ipuzT6fuwu5Sb4XkYjPr9j
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
9defa6c66286b68593b31dc63f38fddb2eba59668fc40afb0373962170a94fd2
-
Size
736KB
-
MD5
114717be0204aa9a9aec83d09c36ea99
-
SHA1
fa0223b126a3d5d372d6bdaff69d378b0a8f8f02
-
SHA256
9defa6c66286b68593b31dc63f38fddb2eba59668fc40afb0373962170a94fd2
-
SHA512
5fc721fe3d9eea3f58c7f4bfb15ccb492b6e00aeba37369be492eb3d8646e0d5dc353f90009de4ce2993d246213385e842e13de4f58e1c153299c21739b9c809
-
SSDEEP
12288:2i0NjlGoLZoaT3Ke/wubOvu5Sb44OeG3SUBFNPPJHh9j:2ipuzT6fuwu5Sb4XkYjPr9j
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1