General
-
Target
ac287ce5d3b1ab3e0a5849cea18c94b18405b7e4fbca8ab54bfc7f0fdf5d41edN
-
Size
120KB
-
Sample
241107-d58m4svcnd
-
MD5
2b81d539bf2999905b2f078159b60b50
-
SHA1
c75a7f4976b566bae810b8e0242ccf3a5fbb1e71
-
SHA256
ac287ce5d3b1ab3e0a5849cea18c94b18405b7e4fbca8ab54bfc7f0fdf5d41ed
-
SHA512
fd02617215ab2a87714cfe3741f3e97caac4e2159534f70653d6fdfcb3e60781e54fe158d29aa2f3de9208f4e75dd2588d73e638f97e3bd73b7d7963b250ed85
-
SSDEEP
3072:vKu8S8NeoQqnCZtQ21syk4SjOdRkLmF7DVyiEy:vKumQqb2iaSjMmyF7DVyit
Static task
static1
Behavioral task
behavioral1
Sample
ac287ce5d3b1ab3e0a5849cea18c94b18405b7e4fbca8ab54bfc7f0fdf5d41edN.dll
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
ac287ce5d3b1ab3e0a5849cea18c94b18405b7e4fbca8ab54bfc7f0fdf5d41edN
-
Size
120KB
-
MD5
2b81d539bf2999905b2f078159b60b50
-
SHA1
c75a7f4976b566bae810b8e0242ccf3a5fbb1e71
-
SHA256
ac287ce5d3b1ab3e0a5849cea18c94b18405b7e4fbca8ab54bfc7f0fdf5d41ed
-
SHA512
fd02617215ab2a87714cfe3741f3e97caac4e2159534f70653d6fdfcb3e60781e54fe158d29aa2f3de9208f4e75dd2588d73e638f97e3bd73b7d7963b250ed85
-
SSDEEP
3072:vKu8S8NeoQqnCZtQ21syk4SjOdRkLmF7DVyiEy:vKumQqb2iaSjMmyF7DVyit
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5