General
- Target: 7f40f8804aecb3e31fd9dc76880acd529d36b6f21c7b435d3171be32a663518c
- Size: 3.6MB
- Sample: 241031-bwf6dsvlbs
- MD5: 9eab34e8d2c15af28b00c66d8c4d4beb
- SHA1: fca1b21f343e40a167e034bb8e9f04f29be14723
- SHA256: 7f40f8804aecb3e31fd9dc76880acd529d36b6f21c7b435d3171be32a663518c
- SHA512: 53194d82fafe83aef996f397f396639897113a4d39229756507102ee8c08f7ca2cb57cf2b7229120aab1ee3c598a0f89a787e5da994a8659a563d0b84289c440
- SSDEEP: 49152:pxn31JO5x1bfZ1VWFWARNktuteMuLZHFOwzXCqPVEaPeUWeHGf+f:r+n1zZ2FWAfRSL1wSXCqNCDYG2f
Behavioral task: behavioral1
- Sample: 7f40f8804aecb3e31fd9dc76880acd529d36b6f21c7b435d3171be32a663518c.exe
- Resource: win7-20240903-en
Malware Config
- Extracted: sality
  - http://89.119.67.154/testo5/
  - http://kukutrustnet777.info/home.gif
  - http://kukutrustnet888.info/home.gif
  - http://kukutrustnet987.info/home.gif
Targets
- Target: 7f40f8804aecb3e31fd9dc76880acd529d36b6f21c7b435d3171be32a663518c
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Sality family
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (7)