General
Target: cef821c19ab635f4c9337837d9ed982934dbcd9cc41dcf28e0947c016ff96b73
Size: 120KB
Sample: 241107-fapymavlfy
MD5: 20a3d7214d98aec97ecd8ba5a3e38bd1
SHA1: 67f2a80a0f263e5a094a9abd59324c4ed51d5128
SHA256: cef821c19ab635f4c9337837d9ed982934dbcd9cc41dcf28e0947c016ff96b73
SHA512: 03cf3096427628b6397326ab1ff2d555f387ee1bc0f6537bc385a4e94590fd32d0603fff4d09ab9f5bd3394d46b75ec490a926b08e33ff231dc24b8a7d9ecf1d
SSDEEP: 3072:j7z4Ey+5iEkVVl2tNtJq/HQ6HFT4MYzuZvJAZ:/Rk/0UHQ6HWzu1m
Static task: static1
Behavioral task: behavioral1
Sample: cef821c19ab635f4c9337837d9ed982934dbcd9cc41dcf28e0947c016ff96b73.dll
Resource: win7-20240903-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: cef821c19ab635f4c9337837d9ed982934dbcd9cc41dcf28e0947c016ff96b73
Size: 120KB
MD5: 20a3d7214d98aec97ecd8ba5a3e38bd1
SHA1: 67f2a80a0f263e5a094a9abd59324c4ed51d5128
SHA256: cef821c19ab635f4c9337837d9ed982934dbcd9cc41dcf28e0947c016ff96b73
SHA512: 03cf3096427628b6397326ab1ff2d555f387ee1bc0f6537bc385a4e94590fd32d0603fff4d09ab9f5bd3394d46b75ec490a926b08e33ff231dc24b8a7d9ecf1d
SSDEEP: 3072:j7z4Ey+5iEkVVl2tNtJq/HQ6HFT4MYzuZvJAZ:/Rk/0UHQ6HWzu1m
Signatures
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
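As an added example (not part of the sandbox report), the script below turns the indicators listed above into two checks a responder can run offline: it hashes a file with the same four algorithms the report lists and reports which digests match this sample, and it scans proxy log lines for requests to the hosts in the extracted configuration. The proxy log is constructed for the example and assumes Squid's native log layout (client IP in the third field); the URL match is done on hostname rather than full URL so a changed path still fires. A hash match identifies only this exact file, whereas the configuration hosts are the indicator that is likely to be shared with related samples.

```python
"""Match a file and proxy traffic against the indicators in the report above."""
import hashlib
import sys
from urllib.parse import urlparse

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "20a3d7214d98aec97ecd8ba5a3e38bd1",
    "sha1": "67f2a80a0f263e5a094a9abd59324c4ed51d5128",
    "sha256": "cef821c19ab635f4c9337837d9ed982934dbcd9cc41dcf28e0947c016ff96b73",
    "sha512": "03cf3096427628b6397326ab1ff2d555f387ee1bc0f6537bc385a4e94590fd32d0603fff4d09ab9f5bd3394d46b75ec490a926b08e33ff231dc24b8a7d9ecf1d",
}
CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
# Match on host rather than full URL so a changed path still fires.
CONFIG_HOSTS = {urlparse(u).hostname for u in CONFIG_URLS}


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashes in one pass (safe for large files)."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def check_digests(digests: dict) -> set:
    """Return the set of algorithms whose digest equals the report's value."""
    return {name for name, value in digests.items()
            if value.lower() == SAMPLE_HASHES.get(name)}


# Constructed proxy log in Squid native format (assumption: client IP is the
# third field). Two lines reach hosts from the extracted config, one is benign.
SAMPLE_PROXY_LOG = """\
1730980001.101 38 10.0.0.5 TCP_MISS/200 512 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.9 image/gif
1730980002.204 12 10.0.0.5 TCP_MISS/200 220 GET http://example.com/index.html - HIER_DIRECT/203.0.113.10 text/html
1730980003.330 41 10.0.0.17 TCP_MISS/404 310 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
"""


def find_c2_hits(log_text: str) -> list:
    """Return (client_ip, host, url) for each line whose URL host is in CONFIG_HOSTS.

    Every whitespace-separated field is tried as a URL, so the check does not
    depend on which column carries the request URL; only the client-IP column
    position is assumed.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        client_ip = fields[2]
        for field in fields:
            host = urlparse(field).hostname
            if host and host.lower() in CONFIG_HOSTS:
                hits.append((client_ip, host, field))
                break
    return hits


if __name__ == "__main__":
    # Usage: python ioc_check.py <file-to-hash>
    if len(sys.argv) > 1:
        digests = hash_file(sys.argv[1])
        print("matching digests:", sorted(check_digests(digests)) or "none")
    for client_ip, host, url in find_c2_hits(SAMPLE_PROXY_LOG):
        print(f"{client_ip} contacted config host {host}: {url}")
```

Run it with the sample path as the only argument to confirm the file on disk is the one the report describes; feed real proxy output into `find_c2_hits` (one line per request) to find hosts that reached the configuration URLs.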
MITRE ATT&CK Enterprise v15 (counts in parentheses as given in the report)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)