General
Target: 7fc76858ae2b46459ea227cc37f165618e5f76824feae14eaae2b81d0d15e8cc
Size: 120KB
Sample: 240329-2pqz5abe8w
MD5: fcbcf77150ca5112fce1b817a4a1b3db
SHA1: 59afc16ed04e2a0227396e612af85108d67459e2
SHA256: 7fc76858ae2b46459ea227cc37f165618e5f76824feae14eaae2b81d0d15e8cc
SHA512: a982501966ff468566cbeee167902619dc9932f53d1c1a8c75359280cddbc48420bc3713e6595cfff2cbd9566ef17f1a91ce6b7f27222bf7e818ab8dde76a41c
SSDEEP: 1536:mA2Q+04VpKsW/WgZg0E91pmVZ5+jEZSpjxyEKWRiNJLq1o8Kz1Oh:d2QsVpKjugZC7mB+Djxy8YJLqitzw
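Before working with a copy of this sample, confirm it is the same file the report describes. The following is an added example, not code from the sandbox report: it hashes a file in a single streaming pass with every algorithm the report lists and returns the names of any digests that disagree with the report's values. SSDEEP is a fuzzy hash and is not in `hashlib`, so it is deliberately left out here; the hash values in `REPORT_HASHES` are copied from the General section above, and the command-line usage at the bottom is an assumed convenience.

```python
"""Verify a local sample against the hashes published in a sandbox report.

Added example, not part of the original report. REPORT_HASHES holds the
values from the report's General section; everything else is illustrative.
"""
import hashlib
import sys

# Digests copied from the report (lower-case hex, as printed there).
REPORT_HASHES = {
    "md5": "fcbcf77150ca5112fce1b817a4a1b3db",
    "sha1": "59afc16ed04e2a0227396e612af85108d67459e2",
    "sha256": "7fc76858ae2b46459ea227cc37f165618e5f76824feae14eaae2b81d0d15e8cc",
    "sha512": (
        "a982501966ff468566cbeee167902619dc9932f53d1c1a8c75359280cddbc484"
        "20bc3713e6595cfff2cbd9566ef17f1a91ce6b7f27222bf7e818ab8dde76a41c"
    ),
}


def digest_stream(chunks) -> dict:
    """Feed every chunk to all hashers at once; returns {algorithm: hexdigest}."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (used by the tests)."""
    return digest_stream([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file without loading it fully into memory."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def compare(actual: dict, expected: dict) -> list:
    """Names of algorithms whose digests differ; an empty list means a match."""
    return sorted(
        name for name, value in expected.items()
        if actual.get(name, "").lower() != value.lower()
    )


if __name__ == "__main__":
    # Assumed usage: python verify_sample.py <path-to-sample>
    mismatches = compare(digest_file(sys.argv[1]), REPORT_HASHES)
    if mismatches:
        print("MISMATCH on:", ", ".join(mismatches))
        sys.exit(1)
    print("sample matches the report on all listed digests")
```

A mismatch on only one algorithm almost always means a transcription error in the expected value rather than a different file; a mismatch on all of them means you do not have the sample the report analysed.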
Static task: static1
Behavioral task: behavioral1
Sample: 7fc76858ae2b46459ea227cc37f165618e5f76824feae14eaae2b81d0d15e8cc.dll
Resource: win7-20240221-en
Malware Config
Extracted family: sality
Extracted URLs (taken from the Sality configuration; treat these as indicators to hunt for, not as addresses to fetch from an unisolated host):
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
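The most direct use of an extracted configuration like this is to look for the hosts in outbound web traffic. The following is an added example, not part of the report: it splits the four URLs above into host/path indicators and runs them over web-proxy access-log lines. The log lines are constructed for the example and the Squid-style column layout they follow is an assumption; matching is done on the host rather than the full URL so that a request to a listed host with an unlisted path is still surfaced, with a flag saying whether the path was one the configuration contained.

```python
"""Match the Sality configuration URLs from the report against proxy logs.

Added example, not part of the original report. CONFIG_URLS are the URLs
the report extracted; SAMPLE_LOG lines are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Assumed Squid access.log layout:
#   <timestamp> <elapsed ms> <client ip> <action/code> <bytes> <method> <url> ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed log lines: two config URLs fetched, one benign request, and one
# request to a listed host with a path that is not in the configuration.
SAMPLE_LOG = [
    "1711750000.123 45 10.0.0.15 TCP_MISS/200 1432 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.7 image/gif",
    "1711750001.456 30 10.0.0.15 TCP_MISS/404 512 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
    "1711750002.789 12 10.0.0.22 TCP_HIT/200 9000 GET http://example.com/index.html - HIER_NONE/- text/html",
    "1711750003.000 20 10.0.0.15 TCP_MISS/200 700 GET http://kukutrustnet888.info/other.bin - HIER_DIRECT/203.0.113.9 application/octet-stream",
]


def build_indicators(urls) -> dict:
    """Map each lower-cased host to the set of paths the config uses for it."""
    indicators = {}
    for u in urls:
        parts = urlsplit(u)
        indicators.setdefault(parts.hostname.lower(), set()).add(parts.path)
    return indicators


def scan(log_lines, indicators) -> list:
    """Return one record per log line whose request host is an indicator."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; skip rather than guess
        parts = urlsplit(m["url"])
        host = (parts.hostname or "").lower()
        if host in indicators:
            hits.append({
                "ts": m["ts"],
                "client": m["client"],
                "host": host,
                "path": parts.path,
                "path_in_config": parts.path in indicators[host],
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, build_indicators(CONFIG_URLS)):
        marker = "config path" if hit["path_in_config"] else "listed host, new path"
        print(f'{hit["ts"]} {hit["client"]} -> {hit["host"]}{hit["path"]} [{marker}]')
```

Every hit here comes from the same client, which is the expected shape for an infected host working through its configured URLs; a hit with `path_in_config` false is worth keeping in the output rather than filtering, since it is the host, not the exact path, that the configuration ties to this family.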
Targets
Target: 7fc76858ae2b46459ea227cc37f165618e5f76824feae14eaae2b81d0d15e8cc
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13; the number in parentheses is the count the report gives for each technique)
Privilege Escalation
- Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
Defense Evasion
- Modify Registry, T1112 (5)
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (3): Disable or Modify Tools, T1562.001 (3)