General
-
Target
5c13c8665237ce1d5864ba644f8dbb9755d6e936ead6386d2f815d6312bc6858
-
Size
65KB
-
Sample
240424-t2dassdc71
-
MD5
07a98ea2c5eafae5d2f31261a0a2a2eb
-
SHA1
a7eec28343f66755f1f6518a3436d3489c3a70e6
-
SHA256
5c13c8665237ce1d5864ba644f8dbb9755d6e936ead6386d2f815d6312bc6858
-
SHA512
e6962c43f93408a1336e27fb1c705b058a4abf8a4f7f9821ab3d390b9f94397d091283338f1aae1df657d90d15e9f74d55c7ca9d2f862be034343dfda867da30
-
SSDEEP
1536:2KtQ2tXQsf0zaKCYE0igDWg7lqGCyOIXkuCnn:pa2ptfKCYIBG5RCnn
Static task
static1
Behavioral task
behavioral1
Sample
5c13c8665237ce1d5864ba644f8dbb9755d6e936ead6386d2f815d6312bc6858.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
5c13c8665237ce1d5864ba644f8dbb9755d6e936ead6386d2f815d6312bc6858
-
Size
65KB
-
MD5
07a98ea2c5eafae5d2f31261a0a2a2eb
-
SHA1
a7eec28343f66755f1f6518a3436d3489c3a70e6
-
SHA256
5c13c8665237ce1d5864ba644f8dbb9755d6e936ead6386d2f815d6312bc6858
-
SHA512
e6962c43f93408a1336e27fb1c705b058a4abf8a4f7f9821ab3d390b9f94397d091283338f1aae1df657d90d15e9f74d55c7ca9d2f862be034343dfda867da30
-
SSDEEP
1536:2KtQ2tXQsf0zaKCYE0igDWg7lqGCyOIXkuCnn:pa2ptfKCYIBG5RCnn
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3