General
-
Target
028d557d471a67be510421061dc376a5b2f9c3d0015ee9ba1d96e27e72839a34
-
Size
1.1MB
-
Sample
240529-wtvwzsdf42
-
MD5
dcd15634bb9c065a4b55e9798f10a17a
-
SHA1
979fb09e75ca827aa4cf1f773bbbd8963b1ffbb9
-
SHA256
028d557d471a67be510421061dc376a5b2f9c3d0015ee9ba1d96e27e72839a34
-
SHA512
f16597c050985c470abbccf27dc3cd135889e3764d9a5938f4d5ec998c232065d93c3aead3c067eee4a8d4f7a4f9e3a3472c5c0323b2efa09ad3f0da4142b05c
-
SSDEEP
24576:ZJqtZ2F83eGiHKCsLnMpK5SFdtNc/enhABFlEpdJo7:ZJq62hCsDaHdtNcDEpdJo7
Static task
static1
Behavioral task
behavioral1
Sample
028d557d471a67be510421061dc376a5b2f9c3d0015ee9ba1d96e27e72839a34.exe
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
028d557d471a67be510421061dc376a5b2f9c3d0015ee9ba1d96e27e72839a34
-
Size
1.1MB
-
MD5
dcd15634bb9c065a4b55e9798f10a17a
-
SHA1
979fb09e75ca827aa4cf1f773bbbd8963b1ffbb9
-
SHA256
028d557d471a67be510421061dc376a5b2f9c3d0015ee9ba1d96e27e72839a34
-
SHA512
f16597c050985c470abbccf27dc3cd135889e3764d9a5938f4d5ec998c232065d93c3aead3c067eee4a8d4f7a4f9e3a3472c5c0323b2efa09ad3f0da4142b05c
-
SSDEEP
24576:ZJqtZ2F83eGiHKCsLnMpK5SFdtNc/enhABFlEpdJo7:ZJq62hCsDaHdtNcDEpdJo7
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5Pre-OS Boot
1Bootkit
1