General
-
Target
1e16eeca50e75e7f20df367db63348d3393bb9dbeab055004cedff76414abb4cN
-
Size
120KB
-
Sample
241107-h9mnnayanc
-
MD5
823b82d8bec2ce3b61fe2aeee046e190
-
SHA1
c4eaebfe4e13615c0a6c8f70a0da670205aba82a
-
SHA256
1e16eeca50e75e7f20df367db63348d3393bb9dbeab055004cedff76414abb4c
-
SHA512
4fc8bf511025260c6ecaac079ce6ff8b382806f93c9a28d64311fa8d6c893260fd6a25f4e0421192d99f18a4e696fe0fd2b5e7d0f8ea26063c44670f9eb75e31
-
SSDEEP
1536:ZE/JHv1C5D7LL54JyaURwJvIFnG+nX/+O7FR2rTfdTiw9+z4WOoiGX3GeAcfRJx:ytC5P31RTFnZPb2f1GwAvOCG3O
Static task
static1
Behavioral task
behavioral1
Sample
1e16eeca50e75e7f20df367db63348d3393bb9dbeab055004cedff76414abb4cN.dll
Resource
win7-20241023-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
1e16eeca50e75e7f20df367db63348d3393bb9dbeab055004cedff76414abb4cN
-
Size
120KB
-
MD5
823b82d8bec2ce3b61fe2aeee046e190
-
SHA1
c4eaebfe4e13615c0a6c8f70a0da670205aba82a
-
SHA256
1e16eeca50e75e7f20df367db63348d3393bb9dbeab055004cedff76414abb4c
-
SHA512
4fc8bf511025260c6ecaac079ce6ff8b382806f93c9a28d64311fa8d6c893260fd6a25f4e0421192d99f18a4e696fe0fd2b5e7d0f8ea26063c44670f9eb75e31
-
SSDEEP
1536:ZE/JHv1C5D7LL54JyaURwJvIFnG+nX/+O7FR2rTfdTiw9+z4WOoiGX3GeAcfRJx:ytC5P31RTFnZPb2f1GwAvOCG3O
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5