General
- Target: ed5f24530193af5758b557b996925170bc92b2c3b3d059d54a2f1d7abb267ae9
- Size: 120KB
- Sample: 240424-175qkaag22
- MD5: 366bd82ea38c845c2eeefccf016de8fe
- SHA1: fab35f32bd224ba86de85863422c5d5da1106b2b
- SHA256: ed5f24530193af5758b557b996925170bc92b2c3b3d059d54a2f1d7abb267ae9
- SHA512: be533ecd18d68f42c8c06784475b9093117e44aefa3b75d8f5c78831f725b7f36069128c29ea7a5316acae47f94e8a7a3062ddd15977951df90db3f8c30863b0
- SSDEEP: 1536:koBSHEvc0hL2UE8IEQ7dCeak9B/6t4xk/SVgRfG3OpUap1f1JKsXLqe9wDk:koBW0MTREs9E1fG3OxpVvOe90
Static task: static1
Behavioral task: behavioral1
Sample: ed5f24530193af5758b557b996925170bc92b2c3b3d059d54a2f1d7abb267ae9.dll
Resource: win7-20231129-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: ed5f24530193af5758b557b996925170bc92b2c3b3d059d54a2f1d7abb267ae9
- Size: 120KB
- MD5: 366bd82ea38c845c2eeefccf016de8fe
- SHA1: fab35f32bd224ba86de85863422c5d5da1106b2b
- SHA256: ed5f24530193af5758b557b996925170bc92b2c3b3d059d54a2f1d7abb267ae9
- SHA512: be533ecd18d68f42c8c06784475b9093117e44aefa3b75d8f5c78831f725b7f36069128c29ea7a5316acae47f94e8a7a3062ddd15977951df90db3f8c30863b0
- SSDEEP: 1536:koBSHEvc0hL2UE8IEQ7dCeak9B/6t4xk/SVgRfG3OpUap1f1JKsXLqe9wDk:koBW0MTREs9E1fG3OxpVvOe90
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1)
- Windows Service (1)
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Impair Defenses (3)
- Disable or Modify Tools (3)