General
Target: 52fa843d5d09924fb240052144e6828263b9a4bf11eb3d2037405d2db8972bd4N
Size: 1.2MB
Sample: 241107-ejjmjaxmel
MD5: f22a3592751ffcde9933caae5e98b0e0
SHA1: d77b2f0ee679b17033ad7f4532f7f094a5703a42
SHA256: 52fa843d5d09924fb240052144e6828263b9a4bf11eb3d2037405d2db8972bd4
SHA512: 92d2f48976db63aa9ea72489f421bc52be0b1de348f9d40d18bac83c159d689873a974f5824f02459633a6041351f566d9c6bdef6c1c514934061afd12aa2b85
SSDEEP: 24576:r/QU+XFJWKkkkkkkI5YvasDJTtpz7C8Gye3We8o4vNYof58mi:rEXFJW3Yiylth7JQ/WviV
Static task: static1
Behavioral task: behavioral1
Sample: 52fa843d5d09924fb240052144e6828263b9a4bf11eb3d2037405d2db8972bd4N.exe
Resource: win7-20240903-en
Malware Config
Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 52fa843d5d09924fb240052144e6828263b9a4bf11eb3d2037405d2db8972bd4N
Size: 1.2MB
MD5: f22a3592751ffcde9933caae5e98b0e0
SHA1: d77b2f0ee679b17033ad7f4532f7f094a5703a42
SHA256: 52fa843d5d09924fb240052144e6828263b9a4bf11eb3d2037405d2db8972bd4
SHA512: 92d2f48976db63aa9ea72489f421bc52be0b1de348f9d40d18bac83c159d689873a974f5824f02459633a6041351f566d9c6bdef6c1c514934061afd12aa2b85
SSDEEP: 24576:r/QU+XFJWKkkkkkkI5YvasDJTtpz7C8Gye3We8o4vNYof58mi:rEXFJW3Yiylth7JQ/WviV
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (6)