General
-
Target
1afee1e360b83dd26765376a455bba1391cca8302f05cb3dc13f25eff5f0b84b
-
Size
120KB
-
Sample
240630-xzx4zashna
-
MD5
923ff8bd292fe697210d8fa8f1915abd
-
SHA1
bdc783a237772c4ee84a8c4fea653385002ea5fe
-
SHA256
1afee1e360b83dd26765376a455bba1391cca8302f05cb3dc13f25eff5f0b84b
-
SHA512
ee22dfe438067135279aef0d5c8afb63b92cbbc19c89caafb503aea1ddae7f061923dd6e124a0c9b9e612e205621fac8e75afdae96e285dd20619a6266a00896
-
SSDEEP
1536:ibhn3zHjSdlEQcRcKe+1o/Tm8tNPW7nmoePfL63r88:sd3zDSDERclKwPonXT37
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
1afee1e360b83dd26765376a455bba1391cca8302f05cb3dc13f25eff5f0b84b
-
Size
120KB
-
MD5
923ff8bd292fe697210d8fa8f1915abd
-
SHA1
bdc783a237772c4ee84a8c4fea653385002ea5fe
-
SHA256
1afee1e360b83dd26765376a455bba1391cca8302f05cb3dc13f25eff5f0b84b
-
SHA512
ee22dfe438067135279aef0d5c8afb63b92cbbc19c89caafb503aea1ddae7f061923dd6e124a0c9b9e612e205621fac8e75afdae96e285dd20619a6266a00896
-
SSDEEP
1536:ibhn3zHjSdlEQcRcKe+1o/Tm8tNPW7nmoePfL63r88:sd3zDSDERclKwPonXT37
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Impair Defenses
4Disable or Modify Tools
3Disable or Modify System Firewall
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1