General
Target: 581333e97cdaec1b65da6b77b46d151884e63c4f6d1867969a32a477e80187e1
Size: 120KB
Sample: 240518-1hkdbshe58
MD5: 6c710b61af68ca7014367fa46e6c5e2e
SHA1: 5629439f3994e118d79c68a64b1b88573de12346
SHA256: 581333e97cdaec1b65da6b77b46d151884e63c4f6d1867969a32a477e80187e1
SHA512: fed1a6de193567535e91ca7f17bbb2e129109ed28c0d57f3e9d79572c91d0baef75a6301be94416b0245f1ac37096404c7caaf02371be54b9f0bf1fc5f3acedc
SSDEEP: 3072:Q29w75h9dBCnQ245lQz9jAH6SI34yItF:HsVdB2wlQdjSI34yeF
Static task: static1
Behavioral task: behavioral1
Sample: 581333e97cdaec1b65da6b77b46d151884e63c4f6d1867969a32a477e80187e1.dll
Resource: win7-20240221-en
Malware Config
Extracted
Family: sality
C2:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
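The hashes, ssdeep signature and C2 list above are what an analyst carries out of this report. The script below, an added example and not Tria.ge's code, checks that each digest has the length its algorithm requires, splits the ssdeep signature into its block size and two piecewise hashes (and uses the block size as the comparability pre-check ssdeep itself applies), and emits the C2 URLs defanged. All values are copied from this page; the function names are our own.

```python
"""Turn the indicator block of the report above into a checked, defanged IOC set.

Added example, not Tria.ge's code. The digests, ssdeep signature and C2 URLs
are copied from this page; the helper names are ours.
"""
import re

# Copied from the General and Malware Config sections of the report.
REPORT = {
    "MD5": "6c710b61af68ca7014367fa46e6c5e2e",
    "SHA1": "5629439f3994e118d79c68a64b1b88573de12346",
    "SHA256": "581333e97cdaec1b65da6b77b46d151884e63c4f6d1867969a32a477e80187e1",
    "SHA512": "fed1a6de193567535e91ca7f17bbb2e129109ed28c0d57f3e9d79572c91d0bae"
              "f75a6301be94416b0245f1ac37096404c7caaf02371be54b9f0bf1fc5f3acedc",
    "SSDEEP": "3072:Q29w75h9dBCnQ245lQz9jAH6SI34yItF:HsVdB2wlQdjSI34yeF",
    "C2": [
        "http://89.119.67.154/testo5/",
        "http://kukutrustnet777.info/home.gif",
        "http://kukutrustnet888.info/home.gif",
        "http://kukutrustnet987.info/home.gif",
    ],
}

# Hex digest length per algorithm. A digest of the wrong length is the
# usual sign of a copy-paste truncation when IOCs move between tools.
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def check_hash(kind: str, value: str) -> str:
    """Return the digest lower-cased, or raise ValueError if it is malformed."""
    if not re.fullmatch(r"[0-9a-fA-F]{%d}" % HEX_LEN[kind], value):
        raise ValueError(f"{kind}: expected {HEX_LEN[kind]} hex chars, got {value!r}")
    return value.lower()


def parse_ssdeep(sig: str) -> tuple:
    """Split 'blocksize:hash1:hash2' into (int, str, str).

    hash1 is computed with the stated block size and hash2 with twice it,
    so two signatures are only comparable when their block sizes are equal
    or differ by exactly a factor of two.
    """
    block, h1, h2 = sig.split(":", 2)
    if not block.isdigit():
        raise ValueError(f"bad ssdeep block size in {sig!r}")
    return int(block), h1, h2


def ssdeep_comparable(a: str, b: str) -> bool:
    """Cheap pre-filter before an ssdeep compare: block sizes must line up."""
    ba, bb = parse_ssdeep(a)[0], parse_ssdeep(b)[0]
    return ba == bb or ba == 2 * bb or bb == 2 * ba


def defang_url(url: str) -> str:
    """Rewrite http(s):// as hxxp(s):// and dots in the host as [.]."""
    scheme, rest = url.split("://", 1)
    host, slash, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}{slash}{path}"


def build_iocs(report: dict) -> dict:
    """Validate every hash, parse the ssdeep block size and defang the C2 list."""
    iocs = {kind: check_hash(kind, report[kind]) for kind in HEX_LEN}
    iocs["ssdeep_block_size"] = parse_ssdeep(report["SSDEEP"])[0]
    iocs["c2_hosts"] = sorted({u.split("://", 1)[1].split("/", 1)[0] for u in report["C2"]})
    iocs["c2_defanged"] = [defang_url(u) for u in report["C2"]]
    return iocs


if __name__ == "__main__":
    for key, val in build_iocs(REPORT).items():
        print(f"{key}: {val}")
```

The block-size check is only a pre-filter: it tells you which signatures are worth handing to a real ssdeep compare, not how similar two files are.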
Targets
Target: 581333e97cdaec1b65da6b77b46d151884e63c4f6d1867969a32a477e80187e1
Size: 120KB
MD5: 6c710b61af68ca7014367fa46e6c5e2e
SHA1: 5629439f3994e118d79c68a64b1b88573de12346
SHA256: 581333e97cdaec1b65da6b77b46d151884e63c4f6d1867969a32a477e80187e1
SHA512: fed1a6de193567535e91ca7f17bbb2e129109ed28c0d57f3e9d79572c91d0baef75a6301be94416b0245f1ac37096404c7caaf02371be54b9f0bf1fc5f3acedc
SSDEEP: 3072:Q29w75h9dBCnQ245lQz9jAH6SI34yItF:HsVdB2wlQdjSI34yeF
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
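The behavioural signatures listed above are what a sandbox derives from its own trace; the same logic can run over endpoint telemetry to confirm a detection outside the sandbox. The script below is an added example and not Tria.ge's signature code: the report does not say what its rules match on, so the event schema, the firewall policy registry key and service names, and the pids are our assumptions, and the trace is constructed by hand rather than recorded from the sample. It tracks the sample's child processes so that activity of the dropped EXE (such as the firewall change) is still attributed to the sample.

```python
"""Re-derive the behavioural signatures listed above from endpoint telemetry.

Added example, not Tria.ge's own signature code: the report does not say
what its rules match on, so the event schema, the firewall registry key and
service names, and the pids below are our assumptions. The trace is
constructed by hand, not recorded from the sample.
"""
import re
from collections import defaultdict

SAMPLE_PID = 1000  # hypothetical pid of the process that loaded the sample DLL

# Windows Firewall policy is stored under this key; MpsSvc (Vista and later)
# and SharedAccess (XP) are the firewall service names. Which of these the
# sandbox rule actually checks is not stated on the page.
FIREWALL_POLICY_KEY = (
    r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
)
FIREWALL_SERVICES = {"mpssvc", "sharedaccess"}

TMP = r"C:\Users\Admin\AppData\Local\Temp"  # constructed drop location

# Constructed Sysmon-like trace that exercises each signature once or twice.
EVENTS = [
    {"type": "file_create", "pid": 1000, "path": TMP + r"\dropped.exe"},
    {"type": "file_create", "pid": 1000, "path": TMP + r"\dropped.dll"},
    {"type": "process_create", "pid": 1000, "child_pid": 1001, "image": TMP + r"\DROPPED.EXE"},
    {"type": "image_load", "pid": 1001, "path": TMP + r"\dropped.dll"},
    {"type": "registry_set", "pid": 1001,
     "key": FIREWALL_POLICY_KEY + r"\StandardProfile", "value": "EnableFirewall", "data": 0},
    {"type": "service_control", "pid": 1001, "service": "MpsSvc", "action": "stop"},
    {"type": "file_query", "pid": 1000, "path": "C:\\"},  # system drive: not a hit
    {"type": "file_query", "pid": 1000, "path": "D:\\"},
    {"type": "file_query", "pid": 1000, "path": "E:"},
    # Activity of an unrelated process must not be attributed to the sample.
    {"type": "file_create", "pid": 2000, "path": TMP + r"\report.txt"},
    {"type": "file_query", "pid": 2000, "path": "F:\\"},
]


def is_foreign_drive_root(path: str) -> bool:
    """True for the root of any drive other than C:, e.g. 'D:\\' or 'E:'."""
    m = re.fullmatch(r"([A-Za-z]):\\?", path)
    return bool(m) and m.group(1).upper() != "C"


def detect(events, sample_pid: int = SAMPLE_PID) -> dict:
    """Return {signature: [supporting events]} for a trace.

    Processes spawned by the sample are followed so that behaviour of the
    dropped EXE is still attributed to it; paths compare case-insensitively
    because NTFS does.
    """
    tracked = {sample_pid}
    dropped = set()  # paths written by the sample or its descendants
    hits = defaultdict(list)
    for ev in events:
        if ev["pid"] not in tracked:
            continue
        t = ev["type"]
        if t == "file_create":
            dropped.add(ev["path"].lower())
        elif t == "process_create":
            tracked.add(ev["child_pid"])
            if ev["image"].lower() in dropped:
                hits["Executes dropped EXE"].append(ev)
        elif t == "image_load" and ev["path"].lower() in dropped:
            hits["Loads dropped DLL"].append(ev)
        elif t == "registry_set" and ev["key"].lower().startswith(FIREWALL_POLICY_KEY.lower()):
            hits["Modifies firewall policy service"].append(ev)
        elif t == "service_control" and ev["service"].lower() in FIREWALL_SERVICES:
            hits["Modifies firewall policy service"].append(ev)
        elif t == "file_query" and is_foreign_drive_root(ev["path"]):
            hits["Enumerates connected drives"].append(ev)
    return dict(hits)


if __name__ == "__main__":
    for sig, evs in detect(EVENTS).items():
        print(f"{sig}: {len(evs)} event(s)")
```

Run on the constructed trace it reports all four behavioural signatures; the "UPX dump on OEP" and packer signatures are static and are not reproducible from runtime events.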
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)