General
-
Target
2d73d0ba2892fd0f5ead51b4ffda97dd
-
Size
65KB
-
Sample
240229-t6ez7afb87
-
MD5
2d73d0ba2892fd0f5ead51b4ffda97dd
-
SHA1
80879d04c634eb4c3b2f0a46685ea87e59ff0297
-
SHA256
9e68706fb1700aca1733fbc2e77997f9f21817870a9b6a843c6049801a72fa78
-
SHA512
acbbffe0a3d837bce3aa29742b24c5e9f759bc3369571eda9f0346c4a857d0e841e2f67cc0db9a2a211d425c3f4acc20704994ba8f2735432ca3ed6551f4f03c
-
SSDEEP
1536:wg+8bg9kX12AQievAgzkulf9SS0QSeSLTKi+MKIu+k0y:wUgK12BicLTmeAc0y
Static task
static1
Behavioral task
behavioral1
Sample
2d73d0ba2892fd0f5ead51b4ffda97dd.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2d73d0ba2892fd0f5ead51b4ffda97dd
-
Size
65KB
-
MD5
2d73d0ba2892fd0f5ead51b4ffda97dd
-
SHA1
80879d04c634eb4c3b2f0a46685ea87e59ff0297
-
SHA256
9e68706fb1700aca1733fbc2e77997f9f21817870a9b6a843c6049801a72fa78
-
SHA512
acbbffe0a3d837bce3aa29742b24c5e9f759bc3369571eda9f0346c4a857d0e841e2f67cc0db9a2a211d425c3f4acc20704994ba8f2735432ca3ed6551f4f03c
-
SSDEEP
1536:wg+8bg9kX12AQievAgzkulf9SS0QSeSLTKi+MKIu+k0y:wUgK12BicLTmeAc0y
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5