General
- Target: e8f3acf0323e4a90ac99f6b94830c6e1c48bb40cd4555a05c75e1167fceedadd
- Size: 162KB
- Sample: 240329-e31edsad59
- MD5: 68d5c13d4255d338325546b94abd4965
- SHA1: cc96d2fb4ff18a14a95bed50b61be9c6a64c007f
- SHA256: e8f3acf0323e4a90ac99f6b94830c6e1c48bb40cd4555a05c75e1167fceedadd
- SHA512: f3723170faa4802a818e1ad51bdb3e2d418bc56b7b73b34e5f1178fb11f49e8df7073900c6b26eb542884bbdb5f5d409298c8fdc6d11ab9875bdc76a4773300f
- SSDEEP: 3072:ewehu9aakInFGILeYpoj8qMnaz32GCTEEBrm:eVhuUI8k2jGvoEBS
Static task: static1
Behavioral task: behavioral1
- Sample: e8f3acf0323e4a90ac99f6b94830c6e1c48bb40cd4555a05c75e1167fceedadd.exe
- Resource: win7-20240221-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Modify Registry (6)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)