General
-
Target
3ad879c2b2800ab4bbea43589d2673efbde2f870b2273509eab9eaf040c9728aN
-
Size
120KB
-
Sample
241107-d41wwatnax
-
MD5
817e9dacb5b8773238380f76e4348180
-
SHA1
bb8a2ebe6d1b0f3b4eea17fc3f7aee6705af727d
-
SHA256
3ad879c2b2800ab4bbea43589d2673efbde2f870b2273509eab9eaf040c9728a
-
SHA512
edde71ba00211057e7a614e3fe8a24aef8bd3e185306329dff1015b491c8ecda5d25a18802e36449a491df516c2f08524f246d8837864b5140abd5e6c8479c35
-
SSDEEP
1536:xZoPPJtIPlmNZ2VfcLBMHRRbnoBaZEoaUQH4oZ3x3Ej5A0m7Mb3fVT1B:GhttNZ2CLa/bnoQioaUP+44Wt1B
Static task
static1
Behavioral task
behavioral1
Sample
3ad879c2b2800ab4bbea43589d2673efbde2f870b2273509eab9eaf040c9728aN.dll
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
3ad879c2b2800ab4bbea43589d2673efbde2f870b2273509eab9eaf040c9728aN
-
Size
120KB
-
MD5
817e9dacb5b8773238380f76e4348180
-
SHA1
bb8a2ebe6d1b0f3b4eea17fc3f7aee6705af727d
-
SHA256
3ad879c2b2800ab4bbea43589d2673efbde2f870b2273509eab9eaf040c9728a
-
SHA512
edde71ba00211057e7a614e3fe8a24aef8bd3e185306329dff1015b491c8ecda5d25a18802e36449a491df516c2f08524f246d8837864b5140abd5e6c8479c35
-
SSDEEP
1536:xZoPPJtIPlmNZ2VfcLBMHRRbnoBaZEoaUQH4oZ3x3Ej5A0m7Mb3fVT1B:GhttNZ2CLa/bnoQioaUP+44Wt1B
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5