General
-
Target
cb78e296ca257235f5f09ac395aa702add017882a7a97a03aa95f6e2592d595a
-
Size
120KB
-
Sample
240330-26blrsgh5z
-
MD5
ce1e5bd6d3831be62f6b02eaad6d7d00
-
SHA1
3edced7231c432c4a09b273e017d2371088e6591
-
SHA256
cb78e296ca257235f5f09ac395aa702add017882a7a97a03aa95f6e2592d595a
-
SHA512
efc940462c1dc363f8ca43607ecf0b1d664a9fddc1fe2e4fd631ce7b85abdbfdd00299f16da049158339bee155760f875164f64f1a809322fdfca0b871b9528a
-
SSDEEP
1536:JlgVYx/ruJxVKmewG8IQlrLZU4X2h4YNnlBdSFOV8JOHsfxRifiZ+ApOh9dHC0e:JlxjsxV9hLJXo4OlDSMCJ4w+fevpOVC
Static task
static1
Behavioral task
behavioral1
Sample
cb78e296ca257235f5f09ac395aa702add017882a7a97a03aa95f6e2592d595a.dll
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
cb78e296ca257235f5f09ac395aa702add017882a7a97a03aa95f6e2592d595a
-
Size
120KB
-
MD5
ce1e5bd6d3831be62f6b02eaad6d7d00
-
SHA1
3edced7231c432c4a09b273e017d2371088e6591
-
SHA256
cb78e296ca257235f5f09ac395aa702add017882a7a97a03aa95f6e2592d595a
-
SHA512
efc940462c1dc363f8ca43607ecf0b1d664a9fddc1fe2e4fd631ce7b85abdbfdd00299f16da049158339bee155760f875164f64f1a809322fdfca0b871b9528a
-
SSDEEP
1536:JlgVYx/ruJxVKmewG8IQlrLZU4X2h4YNnlBdSFOV8JOHsfxRifiZ+ApOh9dHC0e:JlxjsxV9hLJXo4OlDSMCJ4w+fevpOVC
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5