General
- Target: 2b6ec67bc45941aac20ac88d3a54ab1c8f707568a74ef5557dd0c3be5f0a572c
- Size: 65KB
- Sample: 240422-yxxabsfe86
- MD5: 5ed1a4693f67970c854cbecb9b479f07
- SHA1: 91ffd795b40b614cb5e7d90c0ac2382995861b2a
- SHA256: 2b6ec67bc45941aac20ac88d3a54ab1c8f707568a74ef5557dd0c3be5f0a572c
- SHA512: 6e4ab03b921468423afbc32a3aef04c9d415131eacbc8fc29933c9383885484eabb7b5ce1ff0964bb18f426081cb3f5a0177837300854ace343ec65b7efe5c30
- SSDEEP: 1536:DACaoS67Gf0PYF5H6/sK8PfTC4/OvBC80aPbhOp3lAPWkM6Op3VfOkP0igv:DACap6nPcH6/B8PfWbZC80UhOTA+H9VY
Static task: static1
Behavioral task: behavioral1
- Sample: 2b6ec67bc45941aac20ac88d3a54ab1c8f707568a74ef5557dd0c3be5f0a572c.exe
- Resource: win7-20240215-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 2b6ec67bc45941aac20ac88d3a54ab1c8f707568a74ef5557dd0c3be5f0a572c
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (5)