General
Target: 4d8be1c30fad0027ff501c80681a8c5a7dfcb8cd863c249bcdca84998c7b6ef8
Size: 1.5MB
Sample: 241109-eqb62aznap
MD5: da7ab33bf84184c04ec15537d15b1167
SHA1: 85a059e97fa791bd3e1ae650c086e0e8c1a132ca
SHA256: 4d8be1c30fad0027ff501c80681a8c5a7dfcb8cd863c249bcdca84998c7b6ef8
SHA512: d0eb0f689bbfa22cb49b17d1bd791c31bf0c959795a824ce38a68b9811d7f176790c6abbc7d9fbcb0c6657f4bfb3c0c9f634300cd43ee8d1b511fd685bf48c09
SSDEEP: 24576:LadEpF0SpVkxrnJUjX/2/BffZVt+xd3voH/m6y4YxqXbaHBkBcM2lE4ZEbL0HzCN:LzrZeZfjy4Yx+ahplEmA8WD
Static task: static1
Behavioral task: behavioral1
Sample: 4d8be1c30fad0027ff501c80681a8c5a7dfcb8cd863c249bcdca84998c7b6ef8.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: sality
C2:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
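The four C2 URLs above are the indicators a responder would hunt for in proxy or DNS logs. The script below is an added example (not part of the sandbox report) that builds a host/path index from the extracted config and runs it over a few constructed proxy log lines; the log line layout ("timestamp client method url status") is an assumption for the example, and a request to a C2 host with a different path is still reported as a host-only hit rather than dropped.

```python
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the report's extracted Sality config.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Assumed proxy log layout (constructed for this example):
# "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def build_ioc_index(urls):
    """Map each C2 host (lower-cased) to the set of URL paths the config uses for it."""
    index = {}
    for url in urls:
        parts = urlsplit(url)
        index.setdefault(parts.hostname.lower(), set()).add(parts.path)
    return index


def match_line(line, index):
    """Return a hit dict if the requested host is a known C2 host, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status = m.groups()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in index:
        return None
    return {
        "ts": ts,
        "client": client,
        "host": host,
        "path": parts.path,
        "status": int(status),
        # exact: host and path both match the config; a host-only hit is still
        # reported because the same infrastructure may serve other paths
        "exact": parts.path in index[host],
    }


def scan(lines, urls=SALITY_C2_URLS):
    """Run the C2 index over an iterable of log lines and return all hits in order."""
    index = build_ioc_index(urls)
    return [hit for hit in (match_line(line, index) for line in lines) if hit]


# Constructed sample log lines (not from the report): two exact C2 hits,
# one benign request, one host-only hit on a C2 domain with a different path.
SAMPLE_LOG = [
    "2024-11-09T10:01:02Z 10.0.0.15 GET http://89.119.67.154/testo5/ 200",
    "2024-11-09T10:01:05Z 10.0.0.15 GET http://www.example.com/index.html 200",
    "2024-11-09T10:01:09Z 10.0.0.22 GET http://KUKUTRUSTNET888.INFO/home.gif 404",
    "2024-11-09T10:02:30Z 10.0.0.22 GET http://kukutrustnet987.info/update.bin 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching is done on the parsed hostname rather than by substring so that mixed-case hosts and URLs with query strings still match, and the three C2 hosts in the index are the only ones that can fire, so the benign line never produces a hit.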
Targets
Target: 4d8be1c30fad0027ff501c80681a8c5a7dfcb8cd863c249bcdca84998c7b6ef8 (1.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Modifies firewall policy service
- Sality family
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15 (the number after each entry is the count of matched signatures)
Persistence
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Pre-OS Boot (T1542): 1
  - Bootkit (T1542.003): 1
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 4
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 6
- Pre-OS Boot (T1542): 1
  - Bootkit (T1542.003): 1