General
Target: 2024-04-23_99e362658aa0b1e28823392a7c3bbc83_mafia
Size: 1.2MB
Sample: 240423-syvj8she49
MD5: 99e362658aa0b1e28823392a7c3bbc83
SHA1: 6714866acabc3da3a1feafea6c94afc45e208d2d
SHA256: 0a8ca9dfe0d69e5de08e03c8f402a7494507d93b9a1d748b71e9bbf6c5c90559
SHA512: e52704fb8996c8ffd29127453e0858e45bc3e0859713e1dd7af364eb27d1bb61c909a117a7c414705b1e78bce078feba56869fc6d4e7fad42d4c61d9b01c088c
SSDEEP: 24576:1B9NejMimnzoO+BJQ9A99JbirrfmobiSMkhLBzrCxQi/lL+kxCce:PejMimnzorBJQejJ+vfmo6k7bg5+Dce
Static task: static1
Behavioral task: behavioral1
Sample: 2024-04-23_99e362658aa0b1e28823392a7c3bbc83_mafia.exe
Resource: win7-20240221-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
Target: 2024-04-23_99e362658aa0b1e28823392a7c3bbc83_mafia (same file, size and hashes as listed under General)
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)