General
-
Target
5bf5496d1a4b920e2a6638a7aec7d698735034a31f14caa0a9c0c4910af66d96N
-
Size
120KB
-
Sample
241107-j2a6bsygml
-
MD5
da5df45ef173a25286f94ff388046260
-
SHA1
797fbbffc4e3b893f558cbac204efeb90b11615c
-
SHA256
5bf5496d1a4b920e2a6638a7aec7d698735034a31f14caa0a9c0c4910af66d96
-
SHA512
276d0f59787012ac89d6dfe6de18b7c702b8cb3c48f46ce6026f8d11e7799f3b760bad180a4cd24a792f9ee29566f7ab988e1f74b12fe1c25e4fbc5669dba54b
-
SSDEEP
1536:cddxGEUt+Rdk0lKP4G5lH9Q3KVAuCsX+hFJLuM2nu04Ncp+88JMu7rL3ZxjFjCD:cdxGE++vkIY4MHdtXA9uM2uF886wLjG
Static task
static1
Behavioral task
behavioral1
Sample
5bf5496d1a4b920e2a6638a7aec7d698735034a31f14caa0a9c0c4910af66d96N.dll
Resource
win7-20241010-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
5bf5496d1a4b920e2a6638a7aec7d698735034a31f14caa0a9c0c4910af66d96N
-
Size
120KB
-
MD5
da5df45ef173a25286f94ff388046260
-
SHA1
797fbbffc4e3b893f558cbac204efeb90b11615c
-
SHA256
5bf5496d1a4b920e2a6638a7aec7d698735034a31f14caa0a9c0c4910af66d96
-
SHA512
276d0f59787012ac89d6dfe6de18b7c702b8cb3c48f46ce6026f8d11e7799f3b760bad180a4cd24a792f9ee29566f7ab988e1f74b12fe1c25e4fbc5669dba54b
-
SSDEEP
1536:cddxGEUt+Rdk0lKP4G5lH9Q3KVAuCsX+hFJLuM2nu04Ncp+88JMu7rL3ZxjFjCD:cdxGE++vkIY4MHdtXA9uM2uF886wLjG
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5