General
Target: f0bc04fae4e1df9a2aaca51be4836d82b85a79be4c8210ab3507113af2274b32
Size: 97KB
Sample: 240504-fghg5age88
MD5: 0855289a518e7145535157c589bf2c86
SHA1: 292adb0f1d27142c361f5b8151b816961c2b7e8e
SHA256: f0bc04fae4e1df9a2aaca51be4836d82b85a79be4c8210ab3507113af2274b32
SHA512: 22a4b1d34e1b4eff37c70e0058e06355b8fa44814c532fde265824ad78dd9cb948ab043ba5cda93f393b4fb754b8a1902d222af84c16918877b2fc73f617183d
SSDEEP: 1536:k6i8YRSmCA58k42saRg9PiGBCWLAeQbbjUyaIth1+Y0imeXgdhxV:didRA2brtUNBCWLAVPUg5meX
Static task: static1
Behavioral task: behavioral1
Sample: f0bc04fae4e1df9a2aaca51be4836d82b85a79be4c8210ab3507113af2274b32.exe
Resource: win7-20240221-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Signatures:
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)
- Modify Registry (5)