General
Target: fc486d8a43c535da050e562b2399aa586461f0cfc16ab1f1c1cc567eb28d0806
Size: 97KB
Sample: 240529-e2l6dabc44
MD5: 7f3e54ed2e2a160976d633823e40d408
SHA1: ac9a2c9cf87317fc411fc847103f173aad6fbd74
SHA256: fc486d8a43c535da050e562b2399aa586461f0cfc16ab1f1c1cc567eb28d0806
SHA512: 89e34f36d11a3770a4b41163072d26bc4fc61919641b12d0283377e0354540150d05cf74e669f56080fa639f11dc6f8a8497cdfa651e8703a1b8c3c573e35f52
SSDEEP: 1536:UkBkkt6wRTlK/+PVKKG0c0RXSUUEtt5Ezs88O33CC9OfAodj1AmnkGL1a:ZN7rpG0c0JNhfEA8FyC4IWj1AEZ
Static task: static1
Behavioral task: behavioral1
Sample: fc486d8a43c535da050e562b2399aa586461f0cfc16ab1f1c1cc567eb28d0806.exe
Resource: win7-20240221-en
Malware Config
Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
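The four URLs above are the usable network indicators from this report, and the hashes in the General section are the file indicators. The block below is an added example, not part of the sandbox report, showing how to turn them into a sweep: it matches constructed proxy-log lines against the extracted URLs (on the full URL and, more loosely, on the host alone, so a changed path on the same infrastructure still surfaces) and looks the report's SHA256 up in a constructed file-hash inventory. The Squid-like log format, the log lines and the inventory are assumptions made for the example.

```python
"""
Added example (not code from the sandbox report): sweep for the Sality
indicators listed in the report. Log format, log lines and the hash
inventory are constructed here for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report.
CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
SAMPLE_HASHES = {
    "md5": "7f3e54ed2e2a160976d633823e40d408",
    "sha1": "ac9a2c9cf87317fc411fc847103f173aad6fbd74",
    "sha256": "fc486d8a43c535da050e562b2399aa586461f0cfc16ab1f1c1cc567eb28d0806",
}


def indicator_hosts(urls):
    """Hostnames and IPs from the config URLs. Matching on the host rather than
    the full URL catches the same infrastructure when only the path changes."""
    return {urlsplit(u).hostname for u in urls}


# Constructed proxy log in a Squid-like native format (assumption):
# timestamp elapsed client status/size bytes method url ident hierarchy type
SAMPLE_PROXY_LOG = """\
1716967201.123    45 10.0.0.17 TCP_MISS/200 1432 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.9 image/gif
1716967202.456    12 10.0.0.17 TCP_MISS/404 311 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1716967203.789    80 10.0.0.23 TCP_HIT/200 5120 GET http://example.com/index.html - HIER_NONE/- text/html
1716967204.012    33 10.0.0.42 TCP_MISS/200 1432 GET http://kukutrustnet888.info/logo.gif - HIER_DIRECT/203.0.113.10 image/gif
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def sweep_proxy_log(log_text, urls=CONFIG_URLS):
    """Return (client, url, match_kind) for each line whose URL hits an indicator.
    match_kind is 'exact-url' for a verbatim config URL, 'host-only' when only
    the host/IP matches."""
    hosts = indicator_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = m.group("url")
        if url in urls:
            hits.append((m.group("client"), url, "exact-url"))
        elif urlsplit(url).hostname in hosts:
            hits.append((m.group("client"), url, "host-only"))
    return hits


# Constructed EDR-style inventory (assumption): path -> sha256. One entry reuses
# the report's SHA256 so the lookup has something to find.
SAMPLE_INVENTORY = {
    r"C:\Users\alice\Downloads\invoice.exe": SAMPLE_HASHES["sha256"],
    r"C:\Windows\System32\notepad.exe": "a" * 64,
}


def find_known_sample(inventory, known=SAMPLE_HASHES):
    """Paths whose recorded SHA256 equals the report's sample hash."""
    return [p for p, h in inventory.items() if h.lower() == known["sha256"]]


def file_hashes(data):
    """MD5/SHA1/SHA256 of in-memory bytes, for checking a retrieved file
    against the report before trusting a match."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def matches_report(data, known=SAMPLE_HASHES):
    """True only if every hash in the report agrees with the supplied bytes."""
    return all(file_hashes(data)[k] == v for k, v in known.items())


if __name__ == "__main__":
    for client, url, kind in sweep_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{kind:10} {client:12} {url}")
    print("hosts with the sample:", find_known_sample(SAMPLE_INVENTORY))
```

The host-only tier is what matters in practice: the three kukutrustnet hosts serve `home.gif`, but a client fetching any path from them is still talking to the listed infrastructure. Hash matching identifies this one sample only; Sality is a file infector, so a host that ran it may also carry infected executables with hashes that no report lists.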
Targets
Target: fc486d8a43c535da050e562b2399aa586461f0cfc16ab1f1c1cc567eb28d0806
Size: 97KB
MD5: 7f3e54ed2e2a160976d633823e40d408
SHA1: ac9a2c9cf87317fc411fc847103f173aad6fbd74
SHA256: fc486d8a43c535da050e562b2399aa586461f0cfc16ab1f1c1cc567eb28d0806
SHA512: 89e34f36d11a3770a4b41163072d26bc4fc61919641b12d0283377e0354540150d05cf74e669f56080fa639f11dc6f8a8497cdfa651e8703a1b8c3c573e35f52
SSDEEP: 1536:UkBkkt6wRTlK/+PVKKG0c0RXSUUEtt5Ezs88O33CC9OfAodj1AmnkGL1a:ZN7rpG0c0JNhfEA8FyC4IWj1AEZ
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive. For the Sality family this is consistent with its file-infector behaviour of searching attached drives for executables to infect, although this report records only the drive enumeration itself.
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
- Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (3): Disable or Modify Tools, T1562.001 (3)
- Modify Registry, T1112 (5)