General
-
Target
c196c2f21fdd11b0ae0a11bff17f05fe59716b35b1226d7c0c0bc4ae6c2ceb9fN
-
Size
97KB
-
Sample
241107-kkvdbazaqp
-
MD5
75c23ca1d254f5fb91a4c176ed4e9580
-
SHA1
b895c66dd7900e6f0678a87f3b6af97455badb50
-
SHA256
c196c2f21fdd11b0ae0a11bff17f05fe59716b35b1226d7c0c0bc4ae6c2ceb9f
-
SHA512
9b543ca967314cc7eca4d9044c834d20c3869af4c61593acc51eada105c4c33ad34bad1e19ac0e5c88ba16eb89839670a369f119e8c159300600a8ac4730d4fd
-
SSDEEP
1536:Yg2QnbqrHxWHsNkKkZkQL4+iO0ODCCQWdTSX785gZZv8mErHynLO7EZ:gQOr4MeKq4yD/QWONv8fOy7g
Static task
static1
Behavioral task
behavioral1
Sample
c196c2f21fdd11b0ae0a11bff17f05fe59716b35b1226d7c0c0bc4ae6c2ceb9fN.exe
Resource
win7-20241010-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
c196c2f21fdd11b0ae0a11bff17f05fe59716b35b1226d7c0c0bc4ae6c2ceb9fN
-
Modifies firewall policy service
-
Sality family
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Create or Modify System Process: 1
    Windows Service: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 4
    Disable or Modify System Firewall: 1
    Disable or Modify Tools: 3
  Modify Registry: 5