General
Target: 2024-11-07_584119db143ddf6c0ea050a69716cc61_xiaoba
Size: 3.3MB
Sample: 241107-hfv3yaxeqh
MD5: 584119db143ddf6c0ea050a69716cc61
SHA1: 25353c9f5dd0c991be9259c7fd1a66a717397e19
SHA256: 33106bf1724903bafee5b6f7bf624424406d6436b5434938df6959dcccb7bdfc
SHA512: f393d736a3992c0dbab1437ddd7e4a638f32983b286665890e6acbac0ddd4c7e8c05766f90ce501c0842e1a3ea9eefed921fe2927ff463cd215e1b0749120ac8
SSDEEP: 49152:V7wsC/g2cmgUB8GWtkLdA7TO1JtjZSDKM570nAzMmecnv:FC42cZUBN5A7i1fEL570nc7v
Static task: static1
Behavioral task: behavioral1
Sample: 2024-11-07_584119db143ddf6c0ea050a69716cc61_xiaoba.exe
Resource: win7-20240729-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
Signatures
- Modifies firewall policy service
- Sality family
- ACProtect 1.3x - 1.4x DLL software: detects file using ACProtect software.
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)