General

Target: bebfe266c8fb427d2a0664d057e3161b6dafa2fab746dfc69b3a69b266e1da99N
Size: 120KB
Sample: 241107-dwqqyavaqh
MD5: 8ae320478a55d98e5bc709e3cdae6150
SHA1: 0a1842dc16a3f742623bbe49bb04072bdd2672c8
SHA256: bebfe266c8fb427d2a0664d057e3161b6dafa2fab746dfc69b3a69b266e1da99
SHA512: 0e2b8acce228fa92e39ba2388e62e8884f685b9685a52e34cade8efdc8a55fd9520af1916bc0a0994367657598ef169699c012def70e78768a7f4d2c6583fde6
SSDEEP: 1536:yJL0mK4U8fpvgBl4U3dftZFgl6excze3bcnO6YKbZcw8/yJ1hhWpeVOp:yJL+eeKULZK8eSzUInO6YSc1VO
Static task: static1
Behavioral task: behavioral1
Sample: bebfe266c8fb427d2a0664d057e3161b6dafa2fab746dfc69b3a69b266e1da99N.dll
Resource: win7-20240903-en
Malware Config

Extracted configuration (family: sality), URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
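The following is an added example and not part of the sandbox report: it turns the file hashes and the extracted Sality URLs listed above into a small offline hunting check. The hash and URL values are copied from the report; the proxy log format, the log lines and all function names are constructed for illustration only.

```python
# Added example (not from the sandbox report): offline hunting check built
# from the report's indicators. Hashes and URLs are copied from the report;
# the log format and the sample log lines are constructed.
import hashlib
from urllib.parse import urlparse

# File hashes of the analysed sample, copied from the report.
SAMPLE_HASHES = {
    "md5": "8ae320478a55d98e5bc709e3cdae6150",
    "sha1": "0a1842dc16a3f742623bbe49bb04072bdd2672c8",
    "sha256": "bebfe266c8fb427d2a0664d057e3161b6dafa2fab746dfc69b3a69b266e1da99",
}

# URLs from the extracted Sality configuration, copied from the report.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests for a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_hashes(digests: dict, known: dict = SAMPLE_HASHES) -> list:
    """Names of the algorithms whose digest equals the report's value.

    A match only proves the file is byte-identical to the analysed sample;
    Sality also infects other executables, which this check will not see.
    """
    return sorted(
        algo for algo, value in known.items()
        if digests.get(algo, "").lower() == value.lower()
    )


def c2_hosts(urls=SALITY_URLS) -> set:
    """Hostnames/IPs from the config URLs, for matching proxy or DNS logs."""
    return {urlparse(u).hostname.lower() for u in urls}


def find_c2_requests(log_lines, hosts=None) -> list:
    """Return (timestamp, client, url) for log lines that reach a config host.

    Assumed log format (constructed for this example):
        <timestamp> <client_ip> <method> <url> <status>
    """
    hosts = c2_hosts() if hosts is None else hosts
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines instead of aborting the hunt
        ts, client, _method, url, _status = parts[:5]
        host = urlparse(url).hostname
        if host and host.lower() in hosts:
            hits.append((ts, client, url))
    return hits


# Constructed sample log lines (not taken from the report).
SAMPLE_LOG = [
    "2024-11-07T10:02:11Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200",
    "2024-11-07T10:02:12Z 10.0.0.5 GET http://example.com/index.html 200",
    "2024-11-07T10:02:13Z 10.0.0.9 GET http://89.119.67.154/testo5/ 404",
    "garbage line",
]

if __name__ == "__main__":
    for ts, client, url in find_c2_requests(SAMPLE_LOG):
        print(f"{ts} {client} -> {url}")
```

The hash check is the weaker of the two: it only identifies this exact file, whereas the hostnames and the IP from the extracted configuration also catch the same family's other infected executables phoning home, which is why the network indicators are the ones worth loading into a proxy or DNS blocklist.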
Targets

Target: bebfe266c8fb427d2a0664d057e3161b6dafa2fab746dfc69b3a69b266e1da99N (120KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures:
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15 (number = matching signatures)

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1

Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 4
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5