General
Target: 6820018b96828ea11d46717babce7866107d6a9f8696d2ea30e4cc24b7738083
Size: 1.8MB
Sample: 240529-2hp49adc69
MD5: 2cb81b12de4a87139a4c19468341780c
SHA1: 22897ebc0a9dfc67cb6bb985253e73338f844192
SHA256: 6820018b96828ea11d46717babce7866107d6a9f8696d2ea30e4cc24b7738083
SHA512: c1c586019e8e1e4ecb41991e34284881e5113903f0209259c271b62e894e708660a715b8787ab6659213f2fba4b0fbc13cdf866e529c7c938bc2c86586059b7d
SSDEEP: 49152:ujZxx4CnLdGOTalVz9vKxRwblCvQ3g7c39j5JMX/ECZViEJkT:SDmPNB8I3g7cNjnMPXZVET
Static task: static1
Behavioral task: behavioral1
Sample: 6820018b96828ea11d46717babce7866107d6a9f8696d2ea30e4cc24b7738083.exe
Resource: win7-20240419-en
Malware Config
Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: 6820018b96828ea11d46717babce7866107d6a9f8696d2ea30e4cc24b7738083
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)