General
- Target: 17b015a139a4a6c7d8aaa1ce1ee2ee95d1d03bcc05b384e956cc7a8a8dcad1ab
- Size: 120KB
- Sample: 240422-xw6xpsfa5y
- MD5: 1b9a9cbc455c00cf2129fe9b949d6e5b
- SHA1: d0387854294f35f68cc66f2a0885cbea1bce41e9
- SHA256: 17b015a139a4a6c7d8aaa1ce1ee2ee95d1d03bcc05b384e956cc7a8a8dcad1ab
- SHA512: fe87c57b31771f215c21e279fa1f2edd5c40be0e8e8a60bd704633f8e5debcc79aa38552be121e54135daea8ce0073dd0af7f4b658142f3359c07da4eaeb591e
- SSDEEP: 3072:6A/YFNveNL0cMNqiahLWv3aOYg+xnXMipFI5Y:6iYFNgLbMEigo3a8y82
Static task: static1
Behavioral task: behavioral1
- Sample: 17b015a139a4a6c7d8aaa1ce1ee2ee95d1d03bcc05b384e956cc7a8a8dcad1ab.dll
- Resource: win7-20231129-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 17b015a139a4a6c7d8aaa1ce1ee2ee95d1d03bcc05b384e956cc7a8a8dcad1ab
- Size: 120KB
- MD5: 1b9a9cbc455c00cf2129fe9b949d6e5b
- SHA1: d0387854294f35f68cc66f2a0885cbea1bce41e9
- SHA256: 17b015a139a4a6c7d8aaa1ce1ee2ee95d1d03bcc05b384e956cc7a8a8dcad1ab
- SHA512: fe87c57b31771f215c21e279fa1f2edd5c40be0e8e8a60bd704633f8e5debcc79aa38552be121e54135daea8ce0073dd0af7f4b658142f3359c07da4eaeb591e
- SSDEEP: 3072:6A/YFNveNL0cMNqiahLWv3aOYg+xnXMipFI5Y:6iYFNgLbMEigo3a8y82
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Create or Modify System Process: 1
- Windows Service: 1
Defense Evasion
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Impair Defenses: 3
- Disable or Modify Tools: 3
- Modify Registry: 5