General
Target: 1c739a5deff56d0918ca4e0dd06ba93b
Size: 120KB
Sample: 240229-tf7braec49
MD5: 1c739a5deff56d0918ca4e0dd06ba93b
SHA1: 77d50603eaad6b1c0ce310980b8dc69178140550
SHA256: 3113780511d6269f5431a8346ae5b010fb48da9e445b16306353dd7991fc49ad
SHA512: a2e42a3b8241824390d252046aac42fb326322fd01b24d3795c56e693accb9041bddf37ab39b7b01bd836482f5904d1cb481993b645ccc5411046a03ccc48a6e
SSDEEP: 3072:3RtgD9PLKa1cwoaI/Z/skoeRHqZofjbqEr8b6:3oDJLL1zLQCeRKejwb
Static task: static1
Behavioral task: behavioral1
Sample: 1c739a5deff56d0918ca4e0dd06ba93b.dll
Resource: win7-20240221-en
Malware Config
Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
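As an added triage example (not part of this sandbox report), the following Python checks an in-memory file image against the MD5/SHA1/SHA256 digests listed above and scans web-proxy log lines for requests to the hosts in the URLs extracted from the Sality configuration. The squid-style log layout (request URL in the seventh whitespace-separated field) and the sample log lines are constructed assumptions for the demonstration; SSDEEP is not checked because it needs a fuzzy-hashing library.

```python
"""Triage helpers for the sample described in this report (added example)."""
import hashlib
from urllib.parse import urlparse

# Digests copied from the report's General section.
REPORTED_HASHES = {
    "md5": "1c739a5deff56d0918ca4e0dd06ba93b",
    "sha1": "77d50603eaad6b1c0ce310980b8dc69178140550",
    "sha256": "3113780511d6269f5431a8346ae5b010fb48da9e445b16306353dd7991fc49ad",
}

# URLs copied from the report's extracted Sality configuration.
EXTRACTED_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Match on host rather than full URL so requests to other paths on the same
# infrastructure are also flagged.
SUSPECT_HOSTS = {urlparse(u).hostname for u in EXTRACTED_URLS}


def digest_file_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests for an in-memory file image."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def matching_indicators(data: bytes) -> list:
    """Names of reported digests that match the given bytes (empty if none)."""
    digests = digest_file_bytes(data)
    return [name for name, value in REPORTED_HASHES.items() if digests[name] == value]


def scan_proxy_log(lines) -> list:
    """Return (line_number, host, url) for each line requesting a suspect host.

    Assumes a squid native access log: the request URL is field 7 (index 6).
    Lines with fewer fields or unparseable URLs are skipped.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 7:
            continue
        url = fields[6]
        host = urlparse(url).hostname
        if host in SUSPECT_HOSTS:
            hits.append((number, host, url))
    return hits


# Constructed sample log lines (not real traffic); line 1 and 3 should hit.
SAMPLE_LOG = [
    "1709200001.123    45 10.0.0.7 TCP_MISS/200 1024 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.5 image/gif",
    "1709200002.456    12 10.0.0.7 TCP_MISS/200 5120 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1709200003.789    80 10.0.0.9 TCP_MISS/404 300 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
]


if __name__ == "__main__":
    # Replace with open(path, "rb").read() to check a real file on disk.
    candidate = b"constructed bytes, not the sample"
    print("digest matches:", matching_indicators(candidate) or "none")
    for number, host, url in scan_proxy_log(SAMPLE_LOG):
        print(f"line {number}: {host} <- {url}")
```

A real deployment would read the binary from disk and stream log files line by line; the functions are kept pure so they can be unit-tested against constructed input.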
Targets
Target: 1c739a5deff56d0918ca4e0dd06ba93b
Size: 120KB
MD5: 1c739a5deff56d0918ca4e0dd06ba93b
SHA1: 77d50603eaad6b1c0ce310980b8dc69178140550
SHA256: 3113780511d6269f5431a8346ae5b010fb48da9e445b16306353dd7991fc49ad
SHA512: a2e42a3b8241824390d252046aac42fb326322fd01b24d3795c56e693accb9041bddf37ab39b7b01bd836482f5904d1cb481993b645ccc5411046a03ccc48a6e
SSDEEP: 3072:3RtgD9PLKa1cwoaI/Z/skoeRHqZofjbqEr8b6:3oDJLL1zLQCeRKejwb
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
Create or Modify System Process (1)
- Windows Service (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
Impair Defenses (3)
- Disable or Modify Tools (3)
Modify Registry (5)