General
- Target: a5d62dc5b86804bb92a2b7eadfd44d37bd9b4e3c421a553f846a9ffd8ca86d75
- Size: 120KB
- Sample: 240611-bxezqazbqk
- MD5: 687ff879f9adbca71ed78394f3d2142b
- SHA1: 771244ae48beb482dd31cef01d71ed6ed12cd3fd
- SHA256: a5d62dc5b86804bb92a2b7eadfd44d37bd9b4e3c421a553f846a9ffd8ca86d75
- SHA512: 7cb1f1d83419356a5869256ae7855020a5c369d443fe6a21ec29ea950800b20a86566588170b60f4bca86b504fc60abaaf537a20283ff2b214b6cf7dfac12e22
- SSDEEP: 3072:8MXL49KQmix6nFFekWR7lzzpdIiMv7ujSm:8lhhk4BzzH+vU
- Static task: static1
- Behavioral task: behavioral1
- Sample: a5d62dc5b86804bb92a2b7eadfd44d37bd9b4e3c421a553f846a9ffd8ca86d75.dll
- Resource: win7-20240215-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: a5d62dc5b86804bb92a2b7eadfd44d37bd9b4e3c421a553f846a9ffd8ca86d75
- Size: 120KB
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)