General
-
Target
12eab71ae6576c5159bf15d6b45c2de16d5e77b400fa5f7d84e423d083227cec
-
Size
97KB
-
Sample
240422-xnn2xseh5z
-
MD5
d6cdbbc42876a4fe7a531f2304c75116
-
SHA1
47cc3f47f89fc77976584987363d8adb442a943a
-
SHA256
12eab71ae6576c5159bf15d6b45c2de16d5e77b400fa5f7d84e423d083227cec
-
SHA512
41787c5ce9e39ec2e9fe1b42fd7dfb58b67f9d636527b1d1cff855e1a391a29ccf68788c391a71094ddfca6f832e0535a3ee79303a6741368cf7ad2e4c52f34d
-
SSDEEP
1536:r/UfxGFXhq5sIbigObShA4swpA0j5cPBs4yNPf53gHCE:rckjeiFbSGNwpAU5sBm53gH
Static task
static1
Behavioral task
behavioral1
Sample
12eab71ae6576c5159bf15d6b45c2de16d5e77b400fa5f7d84e423d083227cec.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
12eab71ae6576c5159bf15d6b45c2de16d5e77b400fa5f7d84e423d083227cec
-
Size
97KB
-
MD5
d6cdbbc42876a4fe7a531f2304c75116
-
SHA1
47cc3f47f89fc77976584987363d8adb442a943a
-
SHA256
12eab71ae6576c5159bf15d6b45c2de16d5e77b400fa5f7d84e423d083227cec
-
SHA512
41787c5ce9e39ec2e9fe1b42fd7dfb58b67f9d636527b1d1cff855e1a391a29ccf68788c391a71094ddfca6f832e0535a3ee79303a6741368cf7ad2e4c52f34d
-
SSDEEP
1536:r/UfxGFXhq5sIbigObShA4swpA0j5cPBs4yNPf53gHCE:rckjeiFbSGNwpAU5sBm53gH
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5