General
- Target: 7ac323778529109c8a88da5cfba509a424f0b2a1515180ec82b1459ebeac9e3b
- Size: 120KB
- Sample: 240522-by3r6sgb39
- MD5: 423ebc006b6fcd8ec3b6a1fe5a167618
- SHA1: 29e7e3dbdebf3f23a6cc2c7ff29c7677e8d2a6ec
- SHA256: 7ac323778529109c8a88da5cfba509a424f0b2a1515180ec82b1459ebeac9e3b
- SHA512: 9af7eb5354967a7e4aeb7ce2f89c5670ef1be06f52a50c46474abf0fed6e3a5a0b332bd88e5973b6a7c30c7311bcfb2ba3a90ccfb14250e13431646200f5334f
- SSDEEP: 3072:Qh26F5ZpdPl0r4KDylytxN9UyIBI/RR0+ITIIL46TG:j6FPlW6yH/JITIIL46TG
Static task: static1
Behavioral task: behavioral1
Sample: 7ac323778529109c8a88da5cfba509a424f0b2a1515180ec82b1459ebeac9e3b.dll
Resource: win7-20231129-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 7ac323778529109c8a88da5cfba509a424f0b2a1515180ec82b1459ebeac9e3b
- Size: 120KB
- MD5: 423ebc006b6fcd8ec3b6a1fe5a167618
- SHA1: 29e7e3dbdebf3f23a6cc2c7ff29c7677e8d2a6ec
- SHA256: 7ac323778529109c8a88da5cfba509a424f0b2a1515180ec82b1459ebeac9e3b
- SHA512: 9af7eb5354967a7e4aeb7ce2f89c5670ef1be06f52a50c46474abf0fed6e3a5a0b332bd88e5973b6a7c30c7311bcfb2ba3a90ccfb14250e13431646200f5334f
- SSDEEP: 3072:Qh26F5ZpdPl0r4KDylytxN9UyIBI/RR0+ITIIL46TG:j6FPlW6yH/JITIIL46TG
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)