General
-
Target
43184bd5162fb342e94f91e1b3df8891e2c3b9a9b060d57a4639c4d8fe8ad9f1
-
Size
124KB
-
Sample
240630-zbbbeavbre
-
MD5
fed03e665695876114f9af0d1ec028bd
-
SHA1
ccd21ae940f58dfff9300884b2ae34e210605851
-
SHA256
43184bd5162fb342e94f91e1b3df8891e2c3b9a9b060d57a4639c4d8fe8ad9f1
-
SHA512
8ad296501d8ca61c870833233c598a9c1d493a249f129207239f2064bbbf1335acc12a9c1b2b804eb4a3da70e3e709e47478b3bbbd7287f8cb5b32922397a396
-
SSDEEP
3072:sftffjmN/8ftffjmNCekfgkgiutON7FtL2BEJb:0VfjmNsVfjmNVOgkgi12eb
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
43184bd5162fb342e94f91e1b3df8891e2c3b9a9b060d57a4639c4d8fe8ad9f1
-
Size
124KB
-
MD5
fed03e665695876114f9af0d1ec028bd
-
SHA1
ccd21ae940f58dfff9300884b2ae34e210605851
-
SHA256
43184bd5162fb342e94f91e1b3df8891e2c3b9a9b060d57a4639c4d8fe8ad9f1
-
SHA512
8ad296501d8ca61c870833233c598a9c1d493a249f129207239f2064bbbf1335acc12a9c1b2b804eb4a3da70e3e709e47478b3bbbd7287f8cb5b32922397a396
-
SSDEEP
3072:sftffjmN/8ftffjmNCekfgkgiutON7FtL2BEJb:0VfjmNsVfjmNVOgkgi12eb
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Deletes itself
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1