General
- Target: 00de9fb0a409fc39ec7fc10b62e85a96e65e8d54f7f7755720c1f2925542b5d3N
- Size: 65KB
- Sample: 241109-nqlj5stend
- MD5: ac0b8fdfa95d6790ce66a9ac991e8be0
- SHA1: a9f109b43d42497420d647f37af0727757347eb9
- SHA256: 00de9fb0a409fc39ec7fc10b62e85a96e65e8d54f7f7755720c1f2925542b5d3
- SHA512: bed21784cce92cd970cf15adc22406fd26766ebebb9fd203009bfc32fedff1ed4f37a2b64971f9d3b5070a933452af2e03983180c5c52d429eaffa4d2c88936c
- SSDEEP: 1536:+wijKgcZw3KlnoM3VrK7bCwmNuWwPKxPQaEkVVMPd:+RDKxKPCwmGIhPCd
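The digests above are how the report identifies the sample. As an added example (not part of the sandbox report), the Python below verifies a local file against every digest listed, hashing it in one pass and requiring all algorithms to agree; a match on only one algorithm is reported per algorithm and treated as a failure rather than a confirmation. The report's own values are embedded in REPORT_DIGESTS; the file path in the usage block is a placeholder.

```python
"""Verify a file against the digests listed in a sandbox report.

Added example, not the report's own tooling. REPORT_DIGESTS is copied from the
General section above; everything else is illustrative.
"""
import hashlib

REPORT_DIGESTS = {
    "md5": "ac0b8fdfa95d6790ce66a9ac991e8be0",
    "sha1": "a9f109b43d42497420d647f37af0727757347eb9",
    "sha256": "00de9fb0a409fc39ec7fc10b62e85a96e65e8d54f7f7755720c1f2925542b5d3",
    "sha512": (
        "bed21784cce92cd970cf15adc22406fd26766ebebb9fd203009bfc32fedff1ed"
        "4f37a2b64971f9d3b5070a933452af2e03983180c5c52d429eaffa4d2c88936c"
    ),
}


def digest_stream(chunks, algorithms):
    """Feed every chunk to every requested hashlib algorithm in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, algorithms, chunk_size=1 << 16):
    """Hash a file once for all algorithms; the file is never fully loaded in memory."""
    with open(path, "rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk_size), b""), algorithms)


def compare_digests(actual, expected):
    """Return (all_match, per_algorithm). Expected hex is compared case-insensitively.

    A partial result such as {"md5": True, "sha256": False} means the file is NOT
    the reported sample (or the report is wrong); never accept a single algorithm.
    """
    per_algorithm = {name: actual.get(name) == expected[name].lower() for name in expected}
    return all(per_algorithm.values()), per_algorithm


def verify_bytes(data, expected):
    """Verify an in-memory buffer against a dict of expected digests."""
    return compare_digests(digest_stream([data], tuple(expected)), expected)


def verify_file(path, expected):
    """Verify a file on disk against a dict of expected digests."""
    return compare_digests(digest_file(path, tuple(expected)), expected)


if __name__ == "__main__":
    # Placeholder path: point this at the quarantined sample to reproduce the report's hashes.
    ok, detail = verify_file("sample.bin", REPORT_DIGESTS)
    print("all digests match" if ok else "MISMATCH", detail)
```

Always compare the full set the report publishes: MD5 and SHA1 alone are not collision-resistant, so a file that matches only those should be treated as a different object until SHA256 agrees.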
Static task: static1
Behavioral task: behavioral1
- Sample: 00de9fb0a409fc39ec7fc10b62e85a96e65e8d54f7f7755720c1f2925542b5d3N.exe
- Resource: win7-20240903-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
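The URLs above are the network indicators extracted from the sample's Sality configuration. As an added example that is not part of the report, the Python below matches proxy-log URLs against them by exact hostname and path rather than by substring, so a lookalike such as kukutrustnet7777.info is not a hit, while a different path on a listed host is still flagged (as a host-level hit) because the host itself is the indicator. The log format and every log line are constructed for the example.

```python
"""Match proxy-log URLs against the indicators from the Malware Config section.

Added example, not the report's own tooling. SALITY_CONFIG_URLS is copied from the
report; the log format and sample lines are constructed.
"""
from urllib.parse import urlsplit

SALITY_CONFIG_URLS = (
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
)


def _normalize(url):
    """Return (host, path): lowercase host, empty path treated as '/'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return host, path


IOC_EXACT = {_normalize(u) for u in SALITY_CONFIG_URLS}
IOC_HOSTS = {host for host, _ in IOC_EXACT}


def classify_url(url):
    """Return 'ioc_url' on an exact host+path match, 'ioc_host' when only the host
    is listed (different path on a known host), or None for no match.

    Matching is on the parsed hostname, not a substring, so 'kukutrustnet7777.info'
    does not match 'kukutrustnet777.info'.
    """
    host, path = _normalize(url)
    if (host, path) in IOC_EXACT:
        return "ioc_url"
    if host in IOC_HOSTS:
        return "ioc_host"
    return None


def scan_proxy_log(lines):
    """Return (line_no, verdict, url) for each line whose URL field hits an indicator.

    Constructed record format: '<timestamp> <client_ip> <url> <status>'; the URL is
    the third whitespace-separated field. Lines with fewer fields are skipped.
    """
    hits = []
    for line_no, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 3:
            continue
        verdict = classify_url(fields[2])
        if verdict is not None:
            hits.append((line_no, verdict, fields[2]))
    return hits


# Constructed sample log; none of these records come from the report.
SAMPLE_LOG = [
    "2024-11-09T10:00:01Z 10.0.0.5 http://kukutrustnet777.info/home.gif 200",
    "2024-11-09T10:00:02Z 10.0.0.5 http://KUKUTRUSTNET888.INFO/home.gif 200",
    "2024-11-09T10:00:03Z 10.0.0.7 http://89.119.67.154/testo5/ 404",
    "2024-11-09T10:00:04Z 10.0.0.7 http://89.119.67.154/other/ 200",
    "2024-11-09T10:00:05Z 10.0.0.9 http://kukutrustnet7777.info/home.gif 200",
    "2024-11-09T10:00:06Z 10.0.0.9 http://example.com/home.gif 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

The host-level verdict matters for Sality: the configuration URLs point at small files on otherwise unremarkable hosts, so any request to one of these hosts from an internal client is worth a look even when the path differs from what this sample embedded.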
Targets
- Target: 00de9fb0a409fc39ec7fc10b62e85a96e65e8d54f7f7755720c1f2925542b5d3N
- Size: 65KB
- MD5: ac0b8fdfa95d6790ce66a9ac991e8be0
- SHA1: a9f109b43d42497420d647f37af0727757347eb9
- SHA256: 00de9fb0a409fc39ec7fc10b62e85a96e65e8d54f7f7755720c1f2925542b5d3
- SHA512: bed21784cce92cd970cf15adc22406fd26766ebebb9fd203009bfc32fedff1ed4f37a2b64971f9d3b5070a933452af2e03983180c5c52d429eaffa4d2c88936c
- SSDEEP: 1536:+wijKgcZw3KlnoM3VrK7bCwmNuWwPKxPQaEkVVMPd:+RDKxKPCwmGIhPCd
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15 (number in parentheses is the hit count reported for each technique)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Create or Modify System Process, T1543 (1)
  - Windows Service, T1543.003 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (4)
  - Disable or Modify System Firewall, T1562.004 (1)
  - Disable or Modify Tools, T1562.001 (3)
- Modify Registry, T1112 (5)