General
- Target: 8f774e986cad7001d86498ba9ac6833aad28a922c25867b876a8db066d098135N
- Size: 120KB
- Sample: 241109-m7k49swlgn
- MD5: 190dd4b5a2cca66b70e44dcc9d4b87a0
- SHA1: 0cb4dc0c74162953ef9832f45726460ae8e30762
- SHA256: 8f774e986cad7001d86498ba9ac6833aad28a922c25867b876a8db066d098135
- SHA512: 091f476fcf2d29e387aaaa4a76199b59153ace9e7cd9887cf3ebb767a6bed6f22719e2d1ff6107c0a0fe47eb9f8fcd7f758efe2a465c6bb8121f4e528c53ca99
- SSDEEP: 1536:xm+OqUXdoD2omP4MY/5lxxIx1SwQGkK+3auhQT6e7L+7VIeaWwxKup+RX:s+wdoD2oQsl4OG1+O/G+xNpK
Static task: static1
Behavioral task: behavioral1
- Sample: 8f774e986cad7001d86498ba9ac6833aad28a922c25867b876a8db066d098135N.dll
- Resource: win7-20240903-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)