General
- Target: 7fe8ef289ddbd7e28a821d348d599f34eb4fb63063002cdf3824d85790d3a43a
- Size: 120KB
- Sample: 240331-3acpmaeh9v
- MD5: 5ddc08d470587bb019ff32160f4ff91e
- SHA1: 3e7c865db11a4be94366f3610ee9941700c98143
- SHA256: 7fe8ef289ddbd7e28a821d348d599f34eb4fb63063002cdf3824d85790d3a43a
- SHA512: f8e8f5582f56ee9af4d50e9e4ceb58067136453e52df66334393f9c411347a05aacc5596ed36cd656cac492d13b888db58f58d91b691bb8a33cd690b9e9fe8c5
- SSDEEP: 3072:3a84VMQBV7fJvoN1m5XcwUaWAUDi+/q6UifSNze2T:3FazV7f2N1uXJUaWAGiJu6pXT
Static task: static1
Behavioral task: behavioral1
- Sample: 7fe8ef289ddbd7e28a821d348d599f34eb4fb63063002cdf3824d85790d3a43a.dll
- Resource: win7-20240221-en
Malware Config
Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
- Target: 7fe8ef289ddbd7e28a821d348d599f34eb4fb63063002cdf3824d85790d3a43a (120KB; same file and hashes as listed under General)
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)