General
-
Target
a66a150ec00a40e96759570a46ada4e2a7d238a7484c88aac6c9b821f18e35bfN
-
Size
65KB
-
Sample
241109-g9eglsslhj
-
MD5
346c4b9202360d9bb54d3295cdd4dac0
-
SHA1
8a3d9679dae9110aa18ebe72626abcf7c5bab8e7
-
SHA256
a66a150ec00a40e96759570a46ada4e2a7d238a7484c88aac6c9b821f18e35bf
-
SHA512
6afaf563fb44e23c0e692b4c8cca3009e08795f2a52557ba9a84d91e67e58d48a3a2afd936993dae54320b93857b5122bf6157c04b05c6dbf46db05836db2084
-
SSDEEP
1536:Os10H/HDCMzdU0H9bB2OM2GUSLpRTw6d02GbG54bwJ++7:Os6fHDCMWcJBpMtRME02eG546
Static task
static1
Behavioral task
behavioral1
Sample
a66a150ec00a40e96759570a46ada4e2a7d238a7484c88aac6c9b821f18e35bfN.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
a66a150ec00a40e96759570a46ada4e2a7d238a7484c88aac6c9b821f18e35bfN
-
Size
65KB
-
MD5
346c4b9202360d9bb54d3295cdd4dac0
-
SHA1
8a3d9679dae9110aa18ebe72626abcf7c5bab8e7
-
SHA256
a66a150ec00a40e96759570a46ada4e2a7d238a7484c88aac6c9b821f18e35bf
-
SHA512
6afaf563fb44e23c0e692b4c8cca3009e08795f2a52557ba9a84d91e67e58d48a3a2afd936993dae54320b93857b5122bf6157c04b05c6dbf46db05836db2084
-
SSDEEP
1536:Os10H/HDCMzdU0H9bB2OM2GUSLpRTw6d02GbG54bwJ++7:Os6fHDCMWcJBpMtRME02eG546
-
Modifies firewall policy service
-
Sality family
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5