General
-
Target
22204ae218b80ffd3971864c0264807bed0704485695ffd00832e593fb73117eN
-
Size
120KB
-
Sample
241107-ev9m4awbpp
-
MD5
867dfa4e0a3ae2ee075e6fe2c0d2dfb0
-
SHA1
eb5a96db57e6573bf0d8e3f4ea16497a7c1968f3
-
SHA256
22204ae218b80ffd3971864c0264807bed0704485695ffd00832e593fb73117e
-
SHA512
42b57335372ff9acef5420c499a972d1716e48cc37fde0f005e19ec384ee982fdb8bb055840922b5f6ae1d79105ff6a839a74ddbab02fedd502b5c577b729d95
-
SSDEEP
3072:EULqrS26yqT6mSRC0MYn8DYj7fkaunHQNlVk:EOFF70/DpunHQz2
Static task
static1
Behavioral task
behavioral1
Sample
22204ae218b80ffd3971864c0264807bed0704485695ffd00832e593fb73117eN.dll
Resource
win7-20241010-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
22204ae218b80ffd3971864c0264807bed0704485695ffd00832e593fb73117eN
-
Size
120KB
-
MD5
867dfa4e0a3ae2ee075e6fe2c0d2dfb0
-
SHA1
eb5a96db57e6573bf0d8e3f4ea16497a7c1968f3
-
SHA256
22204ae218b80ffd3971864c0264807bed0704485695ffd00832e593fb73117e
-
SHA512
42b57335372ff9acef5420c499a972d1716e48cc37fde0f005e19ec384ee982fdb8bb055840922b5f6ae1d79105ff6a839a74ddbab02fedd502b5c577b729d95
-
SSDEEP
3072:EULqrS26yqT6mSRC0MYn8DYj7fkaunHQNlVk:EOFF70/DpunHQz2
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5