General
-
Target
0e4fc8e09d8bfa3094bc9859c63eaee96d036fc5513c2576101a3dde06b289ca
-
Size
505KB
-
Sample
240630-x8yrvstbmf
-
MD5
13162c54c4d8e425799ab947e57df82b
-
SHA1
02e7518ebc738d1be6c6079701b47d12f76ee33b
-
SHA256
0e4fc8e09d8bfa3094bc9859c63eaee96d036fc5513c2576101a3dde06b289ca
-
SHA512
f7aad4cde66b4414ef7a5fb7e09032d4423932a5803d366876fb7d1e6686c8e48329a8d7d59c1c8eb88bd77a92ed7f6f7a7ae0d02cf981a2554b5f12118da57f
-
SSDEEP
12288:FMsi9TgKPChlEiYOAkycjo+ZToV0vloD29/:FQgKCYLtcPo+o29/
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
0e4fc8e09d8bfa3094bc9859c63eaee96d036fc5513c2576101a3dde06b289ca
-
Size
505KB
-
MD5
13162c54c4d8e425799ab947e57df82b
-
SHA1
02e7518ebc738d1be6c6079701b47d12f76ee33b
-
SHA256
0e4fc8e09d8bfa3094bc9859c63eaee96d036fc5513c2576101a3dde06b289ca
-
SHA512
f7aad4cde66b4414ef7a5fb7e09032d4423932a5803d366876fb7d1e6686c8e48329a8d7d59c1c8eb88bd77a92ed7f6f7a7ae0d02cf981a2554b5f12118da57f
-
SSDEEP
12288:FMsi9TgKPChlEiYOAkycjo+ZToV0vloD29/:FQgKCYLtcPo+o29/
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
6Impair Defenses
4Disable or Modify Tools
3Disable or Modify System Firewall
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1