General
Target: bfc4b3380e1d01f901c3db12da808c353b93a79ffde5cc291adfd70954d2c9a0N
Size: 120KB
Sample: 241104-f74haaxnep
MD5: 0ef28502bec413eaa056d505e6bac6a0
SHA1: 93b9474f0a123d28abc7ee0f5f24734dfebf1030
SHA256: bfc4b3380e1d01f901c3db12da808c353b93a79ffde5cc291adfd70954d2c9a0
SHA512: d6d66c0c51124c26e9d1517e3edb3956a8bb9d29fbc7c792c36214f374e7d2c6d1bec1361293ded28bc49f812410a95956516676216876f9c581ca5b4241b805
SSDEEP: 1536:luJAgAU/Qkz5kD4gSM/mOQbQ2dI2zrR5jsrV6TxYZWyBkBA5P+KWIKhyoeNrtaDj:kGbwo4gSrN5js5+YZWyMA5tosa
Static task: static1
Behavioral task: behavioral1
Sample: bfc4b3380e1d01f901c3db12da808c353b93a79ffde5cc291adfd70954d2c9a0N.dll
Resource: win7-20240903-en
Malware Config
Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: bfc4b3380e1d01f901c3db12da808c353b93a79ffde5cc291adfd70954d2c9a0N
Size: 120KB
MD5: 0ef28502bec413eaa056d505e6bac6a0
SHA1: 93b9474f0a123d28abc7ee0f5f24734dfebf1030
SHA256: bfc4b3380e1d01f901c3db12da808c353b93a79ffde5cc291adfd70954d2c9a0
SHA512: d6d66c0c51124c26e9d1517e3edb3956a8bb9d29fbc7c792c36214f374e7d2c6d1bec1361293ded28bc49f812410a95956516676216876f9c581ca5b4241b805
SSDEEP: 1536:luJAgAU/Qkz5kD4gSM/mOQbQ2dI2zrR5jsrV6TxYZWyBkBA5P+KWIKhyoeNrtaDj:kGbwo4gSrN5js5+YZWyMA5tosa
Modifies firewall policy service
Sality family
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)