General
Target: 80376c647b3d54978f26072d5b1699ce3384d50bb9bfd9c9c9656364084fcbfe
Size: 132KB
Sample: 240522-3ngkqsdd9y
MD5: 6e61786732b6f48298ece472af802c25
SHA1: 89a1e36c6e7451081cca20351c2aac9c4c2672f8
SHA256: 80376c647b3d54978f26072d5b1699ce3384d50bb9bfd9c9c9656364084fcbfe
SHA512: 1aa19e7c6cc18e653653ec5efd0ca86b045ff38efd4c92b89ba071cdf9434704d31278b7df922790a2242640e5ddfbec95e14d2f76613702bf73a5f95d99a220
SSDEEP: 1536:DJf83W8W60IL26Ap8iJySzlme3pUy3TDq+NcawHbNBleOD6MlSoUljObrEF8EX4n:DJCD548iJHxfq+Ncaw3fuOUhPm+N
Static task: static1
Behavioral task: behavioral1
Sample: 80376c647b3d54978f26072d5b1699ce3384d50bb9bfd9c9c9656364084fcbfe.exe
Resource: win7-20240419-en
Malware Config
Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: 80376c647b3d54978f26072d5b1699ce3384d50bb9bfd9c9c9656364084fcbfe (132KB; hashes identical to those listed under General)
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (1), Winlogon Helper DLL (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (1), Winlogon Helper DLL (1)
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Modify Registry (7)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)