General
- Target: b07edd9337c712df94b2049f5ec5ecf11cca7953e815d54ce1ffc8daef10f586
- Size: 120KB
- Sample: 240329-bgec9add6t
- MD5: 52733df8119f41df697e5bf8be8da1c7
- SHA1: 4495851f3fced09b2b7761bdd6742e9273617f1f
- SHA256: b07edd9337c712df94b2049f5ec5ecf11cca7953e815d54ce1ffc8daef10f586
- SHA512: 52ba7c7c23b24ed0eba6eb150ffc604a1fceb1bf4926774e0692e5532f58ed56906a33ccf869713183c19e4d78bade0dd073823aa94569b56f258856796fdc4a
- SSDEEP: 1536:lM4VslJP/CyK0c51xBhpN0087U2IUQ4I890LnvsrlKHz/8v7CYbzeN:qZvPvy5NhTiM4IK0DvKlMzUvG3
Static task: static1
Behavioral task: behavioral1
- Sample: b07edd9337c712df94b2049f5ec5ecf11cca7953e815d54ce1ffc8daef10f586.dll
- Resource: win7-20240221-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: b07edd9337c712df94b2049f5ec5ecf11cca7953e815d54ce1ffc8daef10f586
- Size: 120KB
- MD5: 52733df8119f41df697e5bf8be8da1c7
- SHA1: 4495851f3fced09b2b7761bdd6742e9273617f1f
- SHA256: b07edd9337c712df94b2049f5ec5ecf11cca7953e815d54ce1ffc8daef10f586
- SHA512: 52ba7c7c23b24ed0eba6eb150ffc604a1fceb1bf4926774e0692e5532f58ed56906a33ccf869713183c19e4d78bade0dd073823aa94569b56f258856796fdc4a
- SSDEEP: 1536:lM4VslJP/CyK0c51xBhpN0087U2IUQ4I890LnvsrlKHz/8v7CYbzeN:qZvPvy5NhTiM4IK0DvKlMzUvG3
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process: 1
- Windows Service: 1
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
Defense Evasion
- Modify Registry: 5
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Impair Defenses: 3
- Disable or Modify Tools: 3