General
-
Target
870b37e02431b79bfe5debcb2a6f27f67a255a96b5ce0b7cf270720cb0f7a3cf
-
Size
4.4MB
-
Sample
240518-3f9ljsdh5t
-
MD5
93bf1a918b8ea7bfd4d53f7f54de6282
-
SHA1
b8aea380163f1a82bee3b41d1042261c06f70e04
-
SHA256
870b37e02431b79bfe5debcb2a6f27f67a255a96b5ce0b7cf270720cb0f7a3cf
-
SHA512
ecfae311b2782766deabba0828e962e3211b2b355797a23568f51b500af0365f488afd2a69a0b915dd03129551bc527c047d183286cb337fdcffa9d0d8996066
-
SSDEEP
1536:MNyqVAb8dnlAUTFTgKDzRDVE4jt5HMCceGzcfdRTgYtSp1C7Sqbz67:sZVAIBlAUJTznR7qCVGzcf7g2Sq67
Static task
static1
Behavioral task
behavioral1
Sample
870b37e02431b79bfe5debcb2a6f27f67a255a96b5ce0b7cf270720cb0f7a3cf.exe
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
870b37e02431b79bfe5debcb2a6f27f67a255a96b5ce0b7cf270720cb0f7a3cf
-
Size
4.4MB
-
MD5
93bf1a918b8ea7bfd4d53f7f54de6282
-
SHA1
b8aea380163f1a82bee3b41d1042261c06f70e04
-
SHA256
870b37e02431b79bfe5debcb2a6f27f67a255a96b5ce0b7cf270720cb0f7a3cf
-
SHA512
ecfae311b2782766deabba0828e962e3211b2b355797a23568f51b500af0365f488afd2a69a0b915dd03129551bc527c047d183286cb337fdcffa9d0d8996066
-
SSDEEP
1536:MNyqVAb8dnlAUTFTgKDzRDVE4jt5HMCceGzcfdRTgYtSp1C7Sqbz67:sZVAIBlAUJTznR7qCVGzcf7g2Sq67
-
Modifies firewall policy service
-
Modifies visibility of file extensions in Explorer
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Change Default File Association
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
9