General
- Target: dbb56d195eb5e12ebf3bb4459e5fb6f495e4a38eafa8845c86d29a270fd31286
- Size: 659KB
- Sample: 240329-d4rcfagf8v
- MD5: e13ff15767cb503c5cd4f45164052653
- SHA1: 7808a885d6c8a45d3d0efea3b6cc47ecd3e67bac
- SHA256: dbb56d195eb5e12ebf3bb4459e5fb6f495e4a38eafa8845c86d29a270fd31286
- SHA512: be3d41a9d895bb41595bc9dd53cca815edb0e3f1ddcd8f55bab4640eae80e788f1d9bb3fa3659f9125a7a52682529a23e0369c272e74909a537503c01ca34f8b
- SSDEEP: 12288:QXejB4QXwj+m63qO7avALU96i7PcMBUAoKZOS30KRRJ6gwD:QXOBd93H3Y/PcMe/KZO20gKgwD
Static task: static1
Behavioral task: behavioral1
- Sample: dbb56d195eb5e12ebf3bb4459e5fb6f495e4a38eafa8845c86d29a270fd31286.exe
- Resource: win7-20240221-en
Malware Config
Extracted family: sality
C2 / callback URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: dbb56d195eb5e12ebf3bb4459e5fb6f495e4a38eafa8845c86d29a270fd31286
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)