General

Target: 9a3b6ee4e08b3f60360ee8e2e64f5c251d3aeba159ca5656d84437b169392e1f
Size: 97KB
Sample: 240611-bcs1vaycjj
MD5: 05d2f9b117e3e7eafe4adbe963c457e5
SHA1: e0f3599ec3008b7470e7f8ce1ec2e52e15160fa1
SHA256: 9a3b6ee4e08b3f60360ee8e2e64f5c251d3aeba159ca5656d84437b169392e1f
SHA512: 96780a431c2e77ffe38a2b4dafe258ddcee428a7d334e62eb68a0c42ae5764be9bc576ca56177b75e7ac00c22500ec706e31bbb80d0d9d0df9668bfcb2e45776
SSDEEP: 3072:lZqqQvx1nU1/7Q6aZGyc7El46doRcKoL6DWnk+/Xv0K2z:4vTnU1J562cKoLlXY
Static task: static1
Behavioral task: behavioral1
  Sample: 9a3b6ee4e08b3f60360ee8e2e64f5c251d3aeba159ca5656d84437b169392e1f.exe
  Resource: win7-20240508-en
Malware Config

Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
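As an added example (not from the report, the sandbox, or any Sality tooling), the Python below turns the four extracted URLs into host-level and exact-URL indicators and runs them over proxy log lines. The log format, client addresses and timestamps are assumptions constructed for illustration; only the URLs come from the config above.

```python
"""Match the URLs from the extracted Sality config against proxy logs.

Added example for this report, not part of the sandbox or of Sality analysis
tooling. The four URLs are the ones listed in the Malware Config section; the
proxy log format and the log lines are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# URLs exactly as listed in the report's Malware Config section.
EXTRACTED_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def build_indicators(urls):
    """Split config URLs into a set of hosts and a set of (host, path) pairs.

    Matching on the host as well as the exact URL is deliberate: a sample
    later reconfigured to fetch a different path from the same server is
    still caught by the host indicator.
    """
    hosts, full = set(), set()
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        hosts.add(host)
        full.add((host, parts.path))
    return hosts, full


# Constructed proxy log format: "<timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def match_log(lines, urls=EXTRACTED_URLS):
    """Return one hit per log line that touches the extracted infrastructure.

    Each hit is (client_ip, url, level): level "url" when host and path match
    a config entry exactly, "host" when only the host matches.
    """
    hosts, full = build_indicators(urls)
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line; in production count these rather than drop them silently
        parts = urlsplit(m["url"])
        host = (parts.hostname or "").lower()
        if host not in hosts:
            continue
        level = "url" if (host, parts.path) in full else "host"
        hits.append((m["client"], m["url"], level))
    return hits


# Constructed log lines: an exact URL hit, a hit on the IP-based URL, a benign
# request, a same-host/different-path request, and an unparsable line.
SAMPLE_LOG = """\
2024-06-11T08:01:02Z 10.0.0.17 GET http://kukutrustnet777.info/home.gif 200
2024-06-11T08:01:05Z 10.0.0.17 GET http://89.119.67.154/testo5/ 404
2024-06-11T08:02:11Z 10.0.0.42 GET http://example.com/index.html 200
2024-06-11T08:03:30Z 10.0.0.17 GET http://KUKUTRUSTNET888.INFO/other.bin 200
this line does not match the log format
"""

if __name__ == "__main__":
    for client, url, level in match_log(SAMPLE_LOG.splitlines()):
        print(f"{client} -> {url} [{level} match]")
```

The host-only match on the fourth line is the case an exact-URL blocklist would miss; a 404 on the IP-based URL is still a hit, because the client asked for it regardless of what the server answered.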
Targets

Target: 9a3b6ee4e08b3f60360ee8e2e64f5c251d3aeba159ca5656d84437b169392e1f
Size: 97KB
Signatures

- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
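The last two signatures describe the spreading mechanism: the sample walks drive roots and writes an autorun.inf there. As an added example, not part of this report or of the sample, the Python below parses autorun.inf files tolerantly and flags the keys that get code executed from an attached volume. SAMPLE_AUTORUN is constructed for illustration, and the function and constant names are the example's own.

```python
"""Triage autorun.inf files on volume roots, the mechanism the
'Drops autorun.inf file' signature refers to.

Added example, not part of the sandbox report and not tooling from any project.
SAMPLE_AUTORUN is constructed for illustration; it is not the file the analysed
binary writes.
"""
import os
import string
import sys

# [autorun] keys through which an attached volume gets code executed.
EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command")
EXEC_EXT = (".exe", ".com", ".pif", ".scr", ".bat", ".cmd", ".vbs", ".js", ".dll")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, with keys lower-cased.

    Hand-rolled instead of configparser on purpose: worm-dropped autorun.inf
    files often carry mixed-case keys, junk comment lines and stray bytes meant
    to break naive parsers. Anything in the section that is not 'key=value' is
    skipped, and the first occurrence of a key is kept.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key and key not in entries:
            entries[key] = value.strip()
    return entries


def assess_autorun(text):
    """Return findings (key, value, reason) for entries that would run code."""
    entries = parse_autorun(text)
    findings = []
    for key in EXEC_KEYS:
        if key not in entries:
            continue
        value = entries[key]
        # Check every token so a quoted path followed by arguments is still caught.
        tokens = value.replace('"', " ").lower().split()
        launched = [t for t in tokens if t.endswith(EXEC_EXT)]
        if launched:
            reason = f"launches {launched[0]}"
        else:
            reason = "execution key present (target is not an obvious executable)"
        findings.append((key, value, reason))
    return findings


def scan_roots(roots):
    """Read autorun.inf from each volume root given; return {root: findings}.

    Roots with no readable autorun.inf are omitted; a root that has the file
    but no execution keys maps to an empty list.
    """
    results = {}
    for root in roots:
        try:
            with open(os.path.join(root, "autorun.inf"), "rb") as fh:
                data = fh.read(64 * 1024)
        except OSError:
            continue
        # latin-1 never fails to decode, so binary junk cannot abort the scan.
        results[root] = assess_autorun(data.decode("latin-1"))
    return results


def default_roots():
    """Windows: every mounted drive letter. Elsewhere: mount points passed on argv."""
    if os.name == "nt":
        return [f"{d}:\\" for d in string.ascii_uppercase if os.path.exists(f"{d}:\\")]
    return sys.argv[1:]


# Constructed sample in the style of a worm-dropped autorun.inf: mixed case,
# junk comment lines, and the same target under several execution keys.
SAMPLE_AUTORUN = """\
[AuToRuN]
;HpR8vQbnjx3 junk line to break naive parsers
OpEn=qlfjx.pif
;zx9=kqpw
sHeLl\\oPeN\\cOmMaNd=qlfjx.pif
ShellExecute=qlfjx.pif
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

if __name__ == "__main__":
    print("constructed sample:", assess_autorun(SAMPLE_AUTORUN))
    for root, findings in scan_roots(default_roots()).items():
        print(root, findings or "autorun.inf present, no execution keys")
```

Run it with no arguments on Windows to check every mounted drive letter, or pass the mount points of imaged volumes on another OS. An `icon=` or `label=` entry alone is not flagged: only the three keys that hand a path to the shell are treated as execution.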
MITRE ATT&CK Matrix (ATT&CK v13)

Numbers in parentheses are the report's per-technique counts.

Privilege Escalation
  Create or Modify System Process (1): Windows Service (1)
  Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
  Modify Registry (5)
  Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
  Impair Defenses (3): Disable or Modify Tools (3)