General
-
Target
a624f8ed2156c456f876ad2a26b18bb2f80b97ee55a9317244de6239cd591450
-
Size
65KB
-
Sample
240531-bvewyahh8w
-
MD5
b4df081f6da01cc2ca38d0730a5e1bb6
-
SHA1
3c8138766190d7a3132ea97b10b02d4525673108
-
SHA256
a624f8ed2156c456f876ad2a26b18bb2f80b97ee55a9317244de6239cd591450
-
SHA512
4c1e5d38ce50f42c402b5571c2e7fefdfb2ec0e65f9b97d8cf392a1f3ef06085f7443b45115149a1205e87d96b46f86841201cec76af551e4005cb0956a59168
-
SSDEEP
1536:7ugB5Ui6NHzb/yu3qzywXf05oK/wCA96RLaPwd6WwdePAoR8:7/Ui8Hzj3eywXInk6RLnyev8
Static task
static1
Behavioral task
behavioral1
Sample
a624f8ed2156c456f876ad2a26b18bb2f80b97ee55a9317244de6239cd591450.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
a624f8ed2156c456f876ad2a26b18bb2f80b97ee55a9317244de6239cd591450
-
Size
65KB
-
MD5
b4df081f6da01cc2ca38d0730a5e1bb6
-
SHA1
3c8138766190d7a3132ea97b10b02d4525673108
-
SHA256
a624f8ed2156c456f876ad2a26b18bb2f80b97ee55a9317244de6239cd591450
-
SHA512
4c1e5d38ce50f42c402b5571c2e7fefdfb2ec0e65f9b97d8cf392a1f3ef06085f7443b45115149a1205e87d96b46f86841201cec76af551e4005cb0956a59168
-
SSDEEP
1536:7ugB5Ui6NHzb/yu3qzywXf05oK/wCA96RLaPwd6WwdePAoR8:7/Ui8Hzj3eywXInk6RLnyev8
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5