General
-
Target
8e703e7d242c4a5115e7dd4b6cee81bdee887e1ad6dd463bc267c7571d435dfa
-
Size
120KB
-
Sample
240424-w851hafb34
-
MD5
bfbdc08f8ca586122c5f5cb28e525ee4
-
SHA1
c6ee3a21878f2c2a30bbdd145b3d03c17dda55da
-
SHA256
8e703e7d242c4a5115e7dd4b6cee81bdee887e1ad6dd463bc267c7571d435dfa
-
SHA512
c06ae03b486b6b41233762901ea3f534ec7e3e7b77df17fcee955f14643f0c9ad8068e269b6ec4211ec5ef0ad21c16f9873803d610a7098e67b4a6ba2edf0f4c
-
SSDEEP
3072:B2+28ag0SbOx2uUx5uvVntnRkezIuJK24sJ:L/kfAuyudnNR7zIRBs
Static task
static1
Behavioral task
behavioral1
Sample
8e703e7d242c4a5115e7dd4b6cee81bdee887e1ad6dd463bc267c7571d435dfa.dll
Resource
win7-20240215-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
8e703e7d242c4a5115e7dd4b6cee81bdee887e1ad6dd463bc267c7571d435dfa
-
Size
120KB
-
MD5
bfbdc08f8ca586122c5f5cb28e525ee4
-
SHA1
c6ee3a21878f2c2a30bbdd145b3d03c17dda55da
-
SHA256
8e703e7d242c4a5115e7dd4b6cee81bdee887e1ad6dd463bc267c7571d435dfa
-
SHA512
c06ae03b486b6b41233762901ea3f534ec7e3e7b77df17fcee955f14643f0c9ad8068e269b6ec4211ec5ef0ad21c16f9873803d610a7098e67b4a6ba2edf0f4c
-
SSDEEP
3072:B2+28ag0SbOx2uUx5uvVntnRkezIuJK24sJ:L/kfAuyudnNR7zIRBs
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5