General
Target: 765f92169e508a2b9581942b54724803bde2e77d34d068a58dbaffa0671d5b46
Size: 120KB
Sample: 240530-3e3fvaea7t
MD5: c81a27fcd6912e264dd79445ff555134
SHA1: b143c5c3577d1b63999f327e76390f2989d57e30
SHA256: 765f92169e508a2b9581942b54724803bde2e77d34d068a58dbaffa0671d5b46
SHA512: c88c19ba6851867215d81d14cdb1c92803e40ea57f0f9aa7b8bc7f5964fe0f1b2030a3f09370faf290f571f75423a7370b77dfc1b16f3658f38988cf8e900dc9
SSDEEP: 3072:qOMQejCwTqJAeuZGOm2AUv9tRxS8940ez7c:q1TLXzmpU5A8qv7
Static task: static1
Behavioral task: behavioral1
Sample: 765f92169e508a2b9581942b54724803bde2e77d34d068a58dbaffa0671d5b46.dll
Resource: win7-20240221-en
Malware Config (extracted)
Family: sality
C2 URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
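The hashes and the extracted C2 URLs above are the indicators a responder would actually use. As an added example (this is not part of the sandbox report and not Triage's own code), the Python below hashes files in a single pass with MD5, SHA1, SHA256 and SHA512 and compares them to the report's hashes, and splits the Sality config URLs into IP and domain indicators for a blocklist. The sample bytes in the `__main__` block are constructed; SSDEEP fuzzy matching is omitted because it needs a non-stdlib library.

```python
"""IOC matcher for the Sality sample on this page (added example, not report code).

- hash_file / hash_bytes: compute all four digests in one read of the data.
- match_hashes: report which digest types match the known-bad set.
- network_indicators: turn the extracted C2 URLs into IPs and domains.
- scan_directory: walk a tree and report files whose hashes match.
"""
import hashlib
import ipaddress
import os
from urllib.parse import urlparse

# File hashes taken from the report's General section.
SAMPLE_HASHES = {
    "md5": "c81a27fcd6912e264dd79445ff555134",
    "sha1": "b143c5c3577d1b63999f327e76390f2989d57e30",
    "sha256": "765f92169e508a2b9581942b54724803bde2e77d34d068a58dbaffa0671d5b46",
    "sha512": (
        "c88c19ba6851867215d81d14cdb1c92803e40ea57f0f9aa7b8bc7f5964fe0f1b"
        "2030a3f09370faf290f571f75423a7370b77dfc1b16f3658f38988cf8e900dc9"
    ),
}

# C2 URLs taken from the extracted Sality config.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def _new_hashers():
    return {name: hashlib.new(name) for name in SAMPLE_HASHES}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm in SAMPLE_HASHES."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Digest a file in 1 MiB chunks so large files do not need to fit in memory."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: dict, known: dict = SAMPLE_HASHES) -> list:
    """Return the digest names that match the known-bad set (empty list = clean).

    Comparison is case-insensitive so hashes pasted from other reports still match.
    """
    return [name for name, value in digests.items()
            if known.get(name, "").lower() == value.lower()]


def network_indicators(urls: list = C2_URLS) -> dict:
    """Split C2 URLs into IP literals and lower-cased domains for blocklisting."""
    ips, domains = set(), set()
    for url in urls:
        host = urlparse(url).hostname
        if host is None:
            continue
        try:
            ipaddress.ip_address(host)
            ips.add(host)
        except ValueError:
            domains.add(host.lower())
    return {"ips": sorted(ips), "domains": sorted(domains)}


def scan_directory(root: str, known: dict = SAMPLE_HASHES) -> list:
    """Walk `root` and return (path, matched_digest_names) for every hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            matched = match_hashes(digests, known)
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    # Constructed stand-in bytes; a real run would point scan_directory at a path.
    sample = b"constructed stand-in bytes, not the real sample"
    print("hashes:", hash_bytes(sample))
    print("matches report:", match_hashes(hash_bytes(sample)))
    print("network indicators:", network_indicators())
```

Any single digest match is enough to treat a file as the sample; MD5 and SHA1 are kept only because older reports and feeds still key on them, and the SHA256 should be the value you record.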
Targets
Target: 765f92169e508a2b9581942b54724803bde2e77d34d068a58dbaffa0671d5b46
Size: 120KB
MD5: c81a27fcd6912e264dd79445ff555134
SHA1: b143c5c3577d1b63999f327e76390f2989d57e30
SHA256: 765f92169e508a2b9581942b54724803bde2e77d34d068a58dbaffa0671d5b46
SHA512: c88c19ba6851867215d81d14cdb1c92803e40ea57f0f9aa7b8bc7f5964fe0f1b2030a3f09370faf290f571f75423a7370b77dfc1b16f3658f38988cf8e900dc9
SSDEEP: 3072:qOMQejCwTqJAeuZGOm2AUv9tRxS8940ez7c:q1TLXzmpU5A8qv7
Signatures:
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)
- Modify Registry (5)