General

Target: 4a4d3eb67da40094714346116f3e9176b3ff44a1f1e01a479b44376852f31301
Size: 100 KB
Sample: 240522-z6549shc44
MD5: f06b90e8439d3b3b94467e080b9970e0
SHA1: 67c03284e74196aeffe5b11713c54d0f3bf0a3f9
SHA256: 4a4d3eb67da40094714346116f3e9176b3ff44a1f1e01a479b44376852f31301
SHA512: d471503e3f22efa4cb4dadb9c687ed93672b7a6d05d82d2d636178b2b7ab4400d92f7d1c00185007c600b2f0e74f9933daa17aecbe1314dc5e2bb0c50b7251ad
SSDEEP: 1536:RapRq3H+u/4VxtpYS2zwyydjUoKpe/weACIg:RaXq+s4VBYRzIjUpedtn
Static task: static1
Behavioral task: behavioral1
Sample: 4a4d3eb67da40094714346116f3e9176b3ff44a1f1e01a479b44376852f31301.exe
Resource: win7-20240508-en
Malware Config

Extracted family: sality
URLs extracted from the sample's configuration:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets

Target: 4a4d3eb67da40094714346116f3e9176b3ff44a1f1e01a479b44376852f31301 (100 KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality (static rule match on the binary)
- UPX dump on OEP (original entry point): a sandbox unpacking step that produced a memory dump at the original entry point, not a behaviour of the sample itself
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13); the number after each entry is the count of signatures mapped to it

Privilege Escalation
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1

Defense Evasion
- Modify Registry (T1112): 5
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 3
  - Disable or Modify Tools (T1562.001): 3
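To turn the registry-side rows of the matrix above into something that runs over host telemetry, here is an added example (not the sandbox's own signature logic) that scans constructed Sysmon-style registry value-set events for writes under the Windows Firewall policy key that the "Modifies firewall policy service" signature points at, service Start values, Security Center overrides and the UAC EnableLUA switch. Which key paths correspond to which technique is this example's assumption, the event line format is a constructed one-line flattening rather than real Sysmon output, and the path `sample.exe` is a placeholder.

```python
"""Detection sketch for the registry rows of the report: 'Modifies firewall
policy service', Impair Defenses / Disable or Modify Tools, Bypass User Account
Control, Modify Registry and Windows Service.

Added example, not the sandbox's own rule logic. EVENTS are constructed
Sysmon-style 'Registry value set' (Event ID 13) records flattened to one line
each; the watched key paths are the standard Windows locations for firewall
policy, service start types, Security Center overrides and the UAC switch, and
mapping them to the report's techniques is this example's assumption.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple


class Hit(NamedTuple):
    technique: str
    key: str
    details: str
    image: str


# (pattern over TargetObject, ATT&CK technique). SharedAccess is the service
# hosting the Windows Firewall; its FirewallPolicy subtree holds per-profile
# settings such as EnableFirewall and the AuthorizedApplications allow-list.
# Start = 4 on a service key disables the service. First matching rule wins.
RULES = [
    (re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I),
     "T1562.001 Impair Defenses: Disable or Modify Tools"),
    (re.compile(r"\\Services\\(?:SharedAccess|wscsvc|WinDefend|MpsSvc)\\Start$", re.I),
     "T1543.003 Create or Modify System Process: Windows Service"),
    (re.compile(r"\\Policies\\System\\(?:EnableLUA|ConsentPromptBehaviorAdmin)$", re.I),
     "T1548.002 Abuse Elevation Control Mechanism: Bypass User Account Control"),
    (re.compile(r"\\SOFTWARE\\Microsoft\\Security Center\\", re.I),
     "T1112 Modify Registry"),
]

# Constructed flattening of the Sysmon fields used here (assumption).
LINE_RE = re.compile(
    r"EventID: 13 \| Image: (?P<image>.*?) \| TargetObject: (?P<key>.*?) \| Details: (?P<details>.*)$"
)


def scan_registry_events(lines: List[str]) -> List[Hit]:
    """Return one Hit per event whose TargetObject matches a rule."""
    hits: List[Hit] = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        for pattern, technique in RULES:
            if pattern.search(m["key"]):
                hits.append(Hit(technique, m["key"], m["details"], m["image"]))
                break
    return hits


def technique_counts(hits: List[Hit]) -> Dict[str, int]:
    """Per-technique tally, the same shape as the cells of the report's matrix."""
    return dict(Counter(h.technique for h in hits))


SAMPLE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe"  # placeholder path
# Constructed events; the last one is benign explorer.exe noise and must not match.
EVENTS = [
    f"EventID: 13 | Image: {SAMPLE} | TargetObject: HKLM\\System\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall | Details: DWORD (0x00000000)",
    f"EventID: 13 | Image: {SAMPLE} | TargetObject: HKLM\\System\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List\\{SAMPLE} | Details: {SAMPLE}:*:Enabled:ipsec",
    f"EventID: 13 | Image: {SAMPLE} | TargetObject: HKLM\\System\\CurrentControlSet\\Services\\wscsvc\\Start | Details: DWORD (0x00000004)",
    f"EventID: 13 | Image: {SAMPLE} | TargetObject: HKLM\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusOverride | Details: DWORD (0x00000001)",
    f"EventID: 13 | Image: {SAMPLE} | TargetObject: HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA | Details: DWORD (0x00000000)",
    "EventID: 13 | Image: C:\\Windows\\explorer.exe | TargetObject: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden | Details: DWORD (0x00000002)",
]

if __name__ == "__main__":
    found = scan_registry_events(EVENTS)
    for h in found:
        print(f"{h.technique}\n    {h.image} set {h.key} = {h.details}")
    print(technique_counts(found))
```

The tally from `technique_counts` is what a matrix cell like "Disable or Modify Tools: 3" summarises; on real telemetry the counts differ because every distinct value write under a watched key counts once, and the report's count is of matched signatures rather than of events.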