General
- Target: 28b8b178db598c08f43a005d38a83b87b7d579eea5ace52961e1904d90344bdd
- Size: 1.2MB
- Sample: 241104-zks8ksxaqd
- MD5: 7d8d87a3c5cd0900bcb95a209ef1dc04
- SHA1: 3cc8fd39291f65b5bb3e2ffd66ab7d93aa10a98d
- SHA256: 28b8b178db598c08f43a005d38a83b87b7d579eea5ace52961e1904d90344bdd
- SHA512: 18591ee908d8e9b5e3bcccdbc9a320d5b951c7a0631aa8adec1f1c3e5e519ce15734a989566a406e2dd8a43684bea64b8182010d07e4be63d4b3e7bd3e462d38
- SSDEEP: 24576:eSF0ZVEDQ875Iruk5KC7isqqKDziTrYWvFQEQbfC:euc875IkrsqqHT0WvFQEO6
Static task: static1
Behavioral task: behavioral1
- Sample: 28b8b178db598c08f43a005d38a83b87b7d579eea5ace52961e1904d90344bdd.exe
- Resource: win7-20240903-en
Malware Config
- Extracted family: sality
Targets
- Target: 28b8b178db598c08f43a005d38a83b87b7d579eea5ace52961e1904d90344bdd
- Modifies firewall policy service
- Sality family
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
- Create or Modify System Process: 1
  - Windows Service: 1
Defense Evasion
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
- Impair Defenses: 4
  - Disable or Modify System Firewall: 1
  - Disable or Modify Tools: 3
- Modify Registry: 5