General
Target: 5bdf50956a2bb5ac1d0ab91fcc77b6fb9a2b082f2b57c3f0a15e069d4f204637
Size: 5.5MB
Sample: 240422-2cgkxshb57
MD5: 9444a1b2db9fa493841756d7be41d2b4
SHA1: af18e0d7bc38c2275e674a9b4893eeb08fa8755c
SHA256: 5bdf50956a2bb5ac1d0ab91fcc77b6fb9a2b082f2b57c3f0a15e069d4f204637
SHA512: 5697e30a2bb81e816aa1548faff14d252d7f87b747f85ade629dbf9e936072dfaea5b98de2ff365b950b8d24a463c93d156a025a7f3dcb93592ee5e66db70b79
SSDEEP: 98304:8uLgywiNHBeSLxYK/bxE3q/BlZkWMGPQflVJ/EK1sLyzs2T2Q1mOjq4e:N7wqheSVYK/bua/BlWWnuVhsus8nm+qj
Static task: static1
Behavioral task: behavioral1
Sample: 5bdf50956a2bb5ac1d0ab91fcc77b6fb9a2b082f2b57c3f0a15e069d4f204637.exe
Resource: win7-20240215-en
Malware Config
Extracted family: sality
C2 URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
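The extracted config is only useful once it is turned into something that can be swept across telemetry. The script below is an added example (not part of this report and not Triage's own code): it derives host and path indicators from the four C2 URLs above, sweeps a constructed Squid-style proxy log for contact with those hosts (including subdomains, but not look-alike domains that merely start with the C2 name), and checks a constructed `<sha256> <path>` file inventory for the sample's hash. The log and inventory lines are constructed for the example; the hashes and URLs are the ones reported above.

```python
"""Added example: turn the extracted Sality config above into IOCs and
sweep constructed proxy-log and file-inventory lines for them."""
from urllib.parse import urlparse

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "9444a1b2db9fa493841756d7be41d2b4",
    "sha1": "af18e0d7bc38c2275e674a9b4893eeb08fa8755c",
    "sha256": "5bdf50956a2bb5ac1d0ab91fcc77b6fb9a2b082f2b57c3f0a15e069d4f204637",
}
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed telemetry (not from the report): a Squid-style access log
# "<epoch> <client> <method> <url> <status>" and a "<sha256> <path>" file
# inventory such as a disk-sweep tool would emit.
PROXY_LOG = [
    "1713820800 10.0.0.12 GET http://kukutrustnet777.info/home.gif 200",
    "1713820801 10.0.0.12 GET http://update.example.com/x 200",
    "1713820802 10.0.0.33 GET http://89.119.67.154/testo5/ 404",
    "1713820803 10.0.0.12 GET http://www.kukutrustnet888.info/home.gif 200",
    "1713820804 10.0.0.12 GET http://kukutrustnet777.info.example.org/ 200",
]
FILE_INVENTORY = [
    "5bdf50956a2bb5ac1d0ab91fcc77b6fb9a2b082f2b57c3f0a15e069d4f204637 C:\\Users\\lab\\Downloads\\setup.exe",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 C:\\Users\\lab\\empty.txt",
]


def derive_network_iocs(urls):
    """Split C2 URLs into hosts and paths so DNS-only or proxy-only
    telemetry can be matched, not just the full URL."""
    hosts, paths = set(), set()
    for url in urls:
        parsed = urlparse(url)
        hosts.add(parsed.hostname.lower())
        paths.add(parsed.path)
    return hosts, paths


def match_host(host, ioc_hosts):
    """Return the IOC host that `host` equals or is a subdomain of, else None.
    The leading dot in the suffix check keeps the match label-aligned, so
    'kukutrustnet777.info.example.org' does not match 'kukutrustnet777.info'."""
    host = host.lower()
    for ioc in ioc_hosts:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def match_proxy_log(lines, ioc_hosts):
    """Return [(line_no, matched_ioc_host)] for proxy lines that reached a C2 host."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip rather than abort the sweep
        host = urlparse(parts[3]).hostname
        if host:
            ioc = match_host(host, ioc_hosts)
            if ioc:
                hits.append((n, ioc))
    return hits


def find_sample_files(inventory, hashes):
    """Return paths whose SHA256 equals the sample's SHA256."""
    wanted = hashes["sha256"].lower()
    found = []
    for line in inventory:
        digest, _, path = line.partition(" ")
        if digest.lower() == wanted:
            found.append(path)
    return found


if __name__ == "__main__":
    hosts, paths = derive_network_iocs(C2_URLS)
    for n, ioc in match_proxy_log(PROXY_LOG, hosts):
        print(f"proxy line {n}: contact with Sality C2 host {ioc}")
    for path in find_sample_files(FILE_INVENTORY, SAMPLE_HASHES):
        print(f"sample present on disk: {path}")
```

Matching on host rather than full URL is deliberate: the `/home.gif` path is shared by three of the four C2s and is generic enough to be a poor indicator on its own, while the hostnames and the raw IP are specific to this config.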
Targets
Target: 5bdf50956a2bb5ac1d0ab91fcc77b6fb9a2b082f2b57c3f0a15e069d4f204637 (size and hashes as listed under General above)
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
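Three of the signatures listed above (drive enumeration, autorun.inf drop, firewall policy modification) are simple enough to state as explicit rules, which is useful when porting them to EDR or Sysmon data. The code below is an added example, not Triage's signature implementation. It evaluates a constructed, Sysmon-style event list (file opens, file writes, registry sets) and reports hits under the same signature names the report uses. The registry path it keys on for the firewall rule, the Windows Firewall service's `SharedAccess\Parameters\FirewallPolicy` subtree, is an assumption about what "Modifies firewall policy service" matches; the event list itself is constructed for the example.

```python
"""Added example: three of the report's behavioral signatures re-stated
as rules over a constructed, Sysmon-style event list."""
import re

# Root of a volume, e.g. "D:\"; the report says the sample reads the roots
# of drives other than C:.
DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\$")
# autorun.inf written to a volume root (not in some nested folder).
AUTORUN_INF = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)
# Assumption: "Modifies firewall policy service" keys on writes under the
# SharedAccess (Windows Firewall) service's FirewallPolicy parameters.
FIREWALL_POLICY = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\"
    r"SharedAccess\\Parameters\\FirewallPolicy\\",
    re.IGNORECASE,
)

# Constructed events (not from the report): op is one of open/write/regset.
EVENTS = [
    {"op": "open", "path": "C:\\"},                      # default drive: ignored
    {"op": "open", "path": "D:\\"},
    {"op": "open", "path": "E:\\"},
    {"op": "open", "path": "E:\\"},                      # repeat: counted once
    {"op": "write", "path": "E:\\autorun.inf"},
    {"op": "write", "path": "C:\\Users\\lab\\AppData\\Local\\Temp\\autorun.inf"},  # not a root
    {"op": "regset",
     "path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall",
     "data": 0},
    {"op": "regset",
     "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater",
     "data": "C:\\Users\\lab\\x.exe"},                   # persistence, not firewall policy
]


def evaluate(events):
    """Return {signature_name: [evidence, ...]} for every signature that fired."""
    drives, autorun, firewall = [], [], []
    for ev in events:
        path = ev.get("path", "")
        if ev["op"] == "open":
            m = DRIVE_ROOT.match(path)
            if m:
                letter = m.group(1).upper() + ":"
                if letter != "C:" and letter not in drives:
                    drives.append(letter)
        elif ev["op"] == "write" and AUTORUN_INF.match(path):
            autorun.append(path)
        elif ev["op"] == "regset" and FIREWALL_POLICY.match(path):
            firewall.append(f"{path}={ev.get('data')}")
    findings = {}
    if drives:
        findings["Enumerates connected drives"] = drives
    if autorun:
        findings["Drops autorun.inf file"] = autorun
    if firewall:
        findings["Modifies firewall policy service"] = firewall
    return findings


if __name__ == "__main__":
    for name, evidence in evaluate(EVENTS).items():
        print(f"{name}: {evidence}")
```

Seeing the drive-enumeration and autorun.inf rules fire together is the combination that matters for response: it means any volume attached to the infected host during the infection window should be treated as a carrier, not just the host itself.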
MITRE ATT&CK Enterprise v15 (number after each entry is the count of matching signatures)
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 3
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5