General
Target: 468bf72a1061d6158fac8ec69f55d795f91b6ba6a5554befc4d9088121ffedf9
Size: 97KB
Sample: 240516-1llesshh55
MD5: 4df846888498f6448922ff760f5f1ed6
SHA1: 7d247d1a7236a529d2fb592b32b7cce78db1e13d
SHA256: 468bf72a1061d6158fac8ec69f55d795f91b6ba6a5554befc4d9088121ffedf9
SHA512: db3468a209ae982881e6d49c442895e8aa2ec7c1df683719cd6f9935d10e3b4b4dc1ab38e62980401f2543db877286a3cca8dbf7f001fd7d6fa4f72e826391e9
SSDEEP: 1536:5tFjGP/2PFArWORPLNX/AlF1X35yibpDsztRdSTvJg3rlqQD1QTndEXkQ:ljGX2PbOAP1n5yslsztrSTvJElvQzdA
Static task: static1
Behavioral task: behavioral1
Sample: 468bf72a1061d6158fac8ec69f55d795f91b6ba6a5554befc4d9088121ffedf9.exe
Resource (analysis VM image): win7-20231129-en
Malware Config
Extracted
Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
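The four URLs above are the actionable network indicators in this report. The following is an added example (not part of the sandbox report) of how a responder would turn them into a log matcher: the config URLs are split into an IP indicator, domain indicators and full-URL indicators, then matched against proxy and DNS logs. The log format is an assumption (Squid-style access log lines and a minimal "query:" DNS line), and the log lines themselves are constructed for the demo; only the indicator URLs are copied from the report.

```python
"""Match the Sality config URLs from the report against proxy/DNS logs.

Added example, not part of the sandbox report. CONFIG_URLS is copied from the
extracted configuration; the log format and SAMPLE_LOG lines are constructed.
"""
import ipaddress
import re
from urllib.parse import urlparse

# URLs copied verbatim from the extracted Sality configuration above.
CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def indicators_from_urls(urls):
    """Split config URLs into (ips, domains, full_urls) sets.

    Host-level indicators catch DNS lookups and connections even when the
    request path differs from the one stored in the config.
    """
    ips, domains, full = set(), set(), set()
    for u in urls:
        host = (urlparse(u).hostname or "").lower()
        if not host:
            continue  # skip malformed entries rather than adding "" as a domain
        try:
            ipaddress.ip_address(host)
            ips.add(host)
        except ValueError:
            domains.add(host)
        full.add(u.lower().rstrip("/"))
    return ips, domains, full


# Assumed Squid access-log shape: ts elapsed client code/status bytes method url ...
_SQUID = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)
# Assumed minimal DNS query log shape: "<ts> <client> query: <name>"
_DNS = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query:\s+(?P<name>\S+)")


def _domain_hit(name, domains):
    """True if name equals a domain indicator or is a subdomain of one."""
    return name in domains or any(name.endswith("." + d) for d in domains)


def match_lines(lines, urls=CONFIG_URLS):
    """Return (line_no, client, indicator, kind) tuples for every matching line.

    kind is one of "url" (exact config URL), "ip", "domain" (proxy request to
    an indicator host with a different path) or "dns" (lookup of a domain).
    """
    ips, domains, full = indicators_from_urls(urls)
    hits = []
    for n, line in enumerate(lines, 1):
        m = _SQUID.match(line)
        if m:
            url = m.group("url").lower()
            host = (urlparse(url).hostname or "").lower()
            if url.rstrip("/") in full:
                hits.append((n, m.group("client"), url, "url"))
            elif host in ips:
                hits.append((n, m.group("client"), host, "ip"))
            elif _domain_hit(host, domains):
                hits.append((n, m.group("client"), host, "domain"))
            continue
        m = _DNS.match(line)
        if m:
            name = m.group("name").lower().rstrip(".")
            if _domain_hit(name, domains):
                hits.append((n, m.group("client"), name, "dns"))
    return hits


def infected_clients(hits):
    """Sorted list of distinct client addresses that touched an indicator."""
    return sorted({h[1] for h in hits})


# Constructed sample log lines (not real traffic) covering each indicator type.
SAMPLE_LOG = [
    "1715856000.123    120 10.0.0.7 TCP_MISS/200 512 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.9 image/gif",
    "1715856001.456     80 10.0.0.7 TCP_MISS/404 310 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
    "1715856002.789     60 10.0.0.9 TCP_HIT/200 2048 GET http://example.com/index.html - NONE/- text/html",
    "1715856003.000 10.0.0.7 query: kukutrustnet987.info",
    "1715856004.000 10.0.0.9 query: www.example.com",
]

if __name__ == "__main__":
    found = match_lines(SAMPLE_LOG)
    for line_no, client, indicator, kind in found:
        print(f"line {line_no}: {client} -> {indicator} ({kind})")
    print("clients to isolate:", infected_clients(found))
```

Matching on the host as well as the full URL matters for this family: the report only shows the paths stored in the config, and a request to the same host with a different path is still worth a look. The exact-URL hit is the high-confidence one.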
Targets
Target: 468bf72a1061d6158fac8ec69f55d795f91b6ba6a5554befc4d9088121ffedf9
Size: 97KB
MD5: 4df846888498f6448922ff760f5f1ed6
SHA1: 7d247d1a7236a529d2fb592b32b7cce78db1e13d
SHA256: 468bf72a1061d6158fac8ec69f55d795f91b6ba6a5554befc4d9088121ffedf9
SHA512: db3468a209ae982881e6d49c442895e8aa2ec7c1df683719cd6f9935d10e3b4b4dc1ab38e62980401f2543db877286a3cca8dbf7f001fd7d6fa4f72e826391e9
SSDEEP: 1536:5tFjGP/2PFArWORPLNX/AlF1X35yibpDsztRdSTvJg3rlqQD1QTndEXkQ:ljGX2PbOAP1n5yslsztrSTvJElvQzdA
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13); the number in parentheses is the count shown in the report for each technique
Privilege Escalation
- Create or Modify System Process (1): Windows Service, T1543.003 (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control, T1548.002 (1)
Defense Evasion
- Modify Registry, T1112 (5)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control, T1548.002 (1)
- Impair Defenses (3): Disable or Modify Tools, T1562.001 (3)