General
- Target: 6f9ea1e410c876b0362c4e94e63ebcd7e9a16a69c7832f7a8c29d06bc6dac4e7N
- Size: 120KB
- Sample: 241109-mb4azasfjn
- MD5: ae5c0499c38124404fa3b66e4cdeedf0
- SHA1: c20804772d8c29f8db027556e24d119ec5b4672b
- SHA256: 6f9ea1e410c876b0362c4e94e63ebcd7e9a16a69c7832f7a8c29d06bc6dac4e7
- SHA512: 01d5872d127e7bc87641d85c4b4be88b89d124227ca8edaa4bcc1628fd0e13835f73bd9dcae3c213208197609e63401fe067f7bdd64b9f40cf20ea2b00413fb4
- SSDEEP: 3072:xpNxlnmbwhPBdcyJ57nPXIkQ2JFtB48hO0:xpNxGUXcyJ57PY/oHSD
Static task: static1
Behavioral task: behavioral1
- Sample: 6f9ea1e410c876b0362c4e94e63ebcd7e9a16a69c7832f7a8c29d06bc6dac4e7N.dll
- Resource: win7-20240903-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)