General
- Target: 851b10e56dd47d4e1624913586c416d64699d30e232d8179b23f7ab369a64c5a
- Size: 65KB
- Sample: 240423-aqymtaab35
- MD5: 9ef232226174ad5e39bac59f3aa11b07
- SHA1: 8aa6cfbd732fd82d959dfd5ab11fe7f60907e436
- SHA256: 851b10e56dd47d4e1624913586c416d64699d30e232d8179b23f7ab369a64c5a
- SHA512: d23e7b03c5e27358aa68e53b3bee089101565c4785a3320963352aee4eeb0fa6003bb9e3d0b85c38664124cf4b1761b6a9cb0c0a1c7bfd7ceca7951899a0a78c
- SSDEEP: 1536:7aM3jHVJrjxeZBJLoISoIx6IR0Nn0MM98Gk11D:OMTHzrUiIw0Nm98ZD
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 851b10e56dd47d4e1624913586c416d64699d30e232d8179b23f7ab369a64c5a.exe
- Resource: win7-20240221-en
Malware Config
- Extracted family: sality
- Extracted URLs:
  http://89.119.67.154/testo5/
  http://kukutrustnet777.info/home.gif
  http://kukutrustnet888.info/home.gif
  http://kukutrustnet987.info/home.gif
Targets
- Target: 851b10e56dd47d4e1624913586c416d64699d30e232d8179b23f7ab369a64c5a
- Size: 65KB
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)