General
Target: abe72f21162c7034bdac8871251c22534ad7b3454e95af5b0a50a35512c3323f
Size: 120KB
Sample: 240518-b7lj9aee8x
MD5: 71305acc3015beff7266b85370ff3363
SHA1: d29c0a7bdfbe9af43784483ac973687564fad756
SHA256: abe72f21162c7034bdac8871251c22534ad7b3454e95af5b0a50a35512c3323f
SHA512: 6391f4a4c83532040a545479b87f3d3e5ea5f290a89f02c4899c381221c6f6938aa1dd8cbeaea3b0e0eb768db33fa4849a1912e139d6b29b78c57b63bba32618
SSDEEP: 3072:U1pIZQjlSUqniIeL0amHQbTJXVC7xJxAG0Qss3:Uj/Rq5ew1HQa9JeQz
Static task: static1
Behavioral task: behavioral1
Sample: abe72f21162c7034bdac8871251c22534ad7b3454e95af5b0a50a35512c3323f.dll
Resource: win7-20240221-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation:
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion:
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)