General

Target: 47144ad12f08179425a595772cb5d1ee6379c0b1bd6360e0f9564ac10b6ed979N
Size: 120KB
Sample: 241109-l7gleaselq
MD5: e606480ef778ea2d6ab23cf28dbf6d20
SHA1: 72f23b18c41e5ba7d1fc14114d2ba57de33b20e6
SHA256: 47144ad12f08179425a595772cb5d1ee6379c0b1bd6360e0f9564ac10b6ed979
SHA512: f62099f40267c5fe06832f1d6220edd3d1c4b788eca162ccd6cddf5d7a8538b4037e3add689b2a332a5ce039402a4de9926473ac0d74765bcb19b0f8722c9972
SSDEEP: 3072:QS1d2EtZ1iKkz7cIiXMV7yFZhd7tBHE6VQZ:QKEEtZUzgIeKyNdplVQ
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 47144ad12f08179425a595772cb5d1ee6379c0b1bd6360e0f9564ac10b6ed979N.dll
  Resource (analysis VM image): win7-20241010-en
Malware Config (extracted)

Family: sality
URLs:
  http://89.119.67.154/testo5/
  http://kukutrustnet777.info/home.gif
  http://kukutrustnet888.info/home.gif
  http://kukutrustnet987.info/home.gif
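The extracted configuration and the file hashes above are the actionable part of this report. The following Python script is an added example, not part of the sandbox output: it turns the report's digests into a file-hash check and the C2 URLs into a host watchlist, then runs that watchlist over Squid-style proxy log lines. The log lines, client addresses and peer IPs are constructed for the example; only the hashes and URLs come from the report.

```python
"""IOC matching for the Sality sample in this report.

The digests and C2 URLs below are copied from the report. The proxy log
sample further down is constructed for illustration and is not sandbox
output.
"""
import hashlib
from urllib.parse import urlparse

# Digests listed in the report's General section.
REPORT_HASHES = {
    "md5": "e606480ef778ea2d6ab23cf28dbf6d20",
    "sha1": "72f23b18c41e5ba7d1fc14114d2ba57de33b20e6",
    "sha256": "47144ad12f08179425a595772cb5d1ee6379c0b1bd6360e0f9564ac10b6ed979",
    "sha512": (
        "f62099f40267c5fe06832f1d6220edd3d1c4b788eca162ccd6cddf5d7a8538b4"
        "037e3add689b2a332a5ce039402a4de9926473ac0d74765bcb19b0f8722c9972"
    ),
}

# URLs from the extracted Sality configuration.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def c2_hosts(urls):
    """Reduce the configured URLs to a set of lower-cased hostnames/IPs.

    Matching on the host rather than the full URL catches variants of the
    path (the sample's URLs already differ only in path and host).
    """
    return {urlparse(u).hostname.lower() for u in urls}


def hash_file_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> list:
    """Return the algorithms whose digest of `data` equals the report's value.

    An empty list means the bytes are not this exact sample. A partial match
    (e.g. md5 only) would indicate a tampered report or a collision and is
    worth investigating rather than ignoring.
    """
    digests = hash_file_bytes(data)
    return [algo for algo, hexd in digests.items() if hexd == REPORT_HASHES[algo]]


# Squid native access-log format: time elapsed client code/status bytes
# method URL rfc931 peerstatus/peerhost type. Constructed sample data.
SAMPLE_PROXY_LOG = """\
1731150000.123    245 10.0.0.15 TCP_MISS/200 1834 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.9 image/gif
1731150001.456     12 10.0.0.22 TCP_MISS/200 5120 GET http://example.org/index.html - HIER_DIRECT/203.0.113.5 text/html
1731150002.789    301 10.0.0.15 TCP_MISS/404 410 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
"""


def find_c2_hits(log_text: str, hosts) -> list:
    """Return (client_ip, host) for each log line whose URL host is on the watchlist."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line; skip rather than crash
        client_ip, url = fields[2], fields[6]
        host = urlparse(url).hostname
        if host and host.lower() in hosts:
            hits.append((client_ip, host.lower()))
    return hits


if __name__ == "__main__":
    watchlist = c2_hosts(C2_URLS)
    for client, host in find_c2_hits(SAMPLE_PROXY_LOG, watchlist):
        print(f"Sality C2 contact: client={client} host={host}")
    # To check a file on disk: matches_report(open(path, "rb").read())
```

The host-level match deliberately ignores the `/home.gif` and `/testo5/` paths: Sality variants have historically rotated paths while reusing hosts, so a path-exact rule would be brittle; if you need the narrower rule, compare `urlparse(url)` against the full `C2_URLS` entries instead.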
Targets

Target: 47144ad12f08179425a595772cb5d1ee6379c0b1bd6360e0f9564ac10b6ed979N
Size: 120KB
MD5: e606480ef778ea2d6ab23cf28dbf6d20
SHA1: 72f23b18c41e5ba7d1fc14114d2ba57de33b20e6
SHA256: 47144ad12f08179425a595772cb5d1ee6379c0b1bd6360e0f9564ac10b6ed979
SHA512: f62099f40267c5fe06832f1d6220edd3d1c4b788eca162ccd6cddf5d7a8538b4037e3add689b2a332a5ce039402a4de9926473ac0d74765bcb19b0f8722c9972
SSDEEP: 3072:QS1d2EtZ1iKkz7cIiXMV7yFZhd7tBHE6VQZ:QKEEtZUzgIeKyNdplVQ
Signatures

- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (the number after each technique is the report's hit count for it)

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1

Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 4
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5