General
  Target: 2623573eec072405f777ae40ee09642a2ea25e6e34855785aaedf9bdcc2074f1
  Size: 120KB
  Sample: 240529-yhx83sff3s
  MD5: 8701b6d6d9e56dcc7ef1a0d061a3ce63
  SHA1: dffb497a229b632a164620f9dd856b0a05ceb58d
  SHA256: 2623573eec072405f777ae40ee09642a2ea25e6e34855785aaedf9bdcc2074f1
  SHA512: 15dfa8fefedc6e32e92725f2b35cff8db0d375a0c7fff22fcca34278e8a7707157cbf0307fc14df4baa59dcbff53c706a83800b590eb10e96d1247bc766209b2
  SSDEEP: 3072:jSSWGY3DtIh7KZbm0inyDN2MCyTf3kiLGb4rc:Sr3DWcm0MANj7Tn6b4rc
Static task: static1
Behavioral task: behavioral1
  Sample: 2623573eec072405f777ae40ee09642a2ea25e6e34855785aaedf9bdcc2074f1.dll
  Resource: win7-20240508-en
Malware Config
  Extracted: sality
  URLs:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif
Targets
  Target: 2623573eec072405f777ae40ee09642a2ea25e6e34855785aaedf9bdcc2074f1
  Size: 120KB
  MD5: 8701b6d6d9e56dcc7ef1a0d061a3ce63
  SHA1: dffb497a229b632a164620f9dd856b0a05ceb58d
  SHA256: 2623573eec072405f777ae40ee09642a2ea25e6e34855785aaedf9bdcc2074f1
  SHA512: 15dfa8fefedc6e32e92725f2b35cff8db0d375a0c7fff22fcca34278e8a7707157cbf0307fc14df4baa59dcbff53c706a83800b590eb10e96d1247bc766209b2
  SSDEEP: 3072:jSSWGY3DtIh7KZbm0inyDN2MCyTf3kiLGb4rc:Sr3DWcm0MANj7Tn6b4rc
Signatures
  - Modifies firewall policy service
  - Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
  - UPX dump on OEP (original entry point)
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
  Privilege Escalation
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
    Create or Modify System Process (1)
      Windows Service (1)
  Defense Evasion
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
    Impair Defenses (3)
      Disable or Modify Tools (3)
    Modify Registry (5)