General
- Target: 82780f6bda39ac3278c741b112b53bf7bea3b2a8719277f7bbe912c49044c5d0N
- Size: 4.8MB
- Sample: 241109-pmjf2svamj
- MD5: 4d070791112bc416b6cdeb15a131cb50
- SHA1: ecae07a3eba38274a76cd6f51ab8bb421e275f9b
- SHA256: 82780f6bda39ac3278c741b112b53bf7bea3b2a8719277f7bbe912c49044c5d0
- SHA512: f620a87f8ab3be5339f08385da567a71e6c0f4fdd1cadb75dbf3a69133108d5cabbd69675d07e994bd67ad47619f3d549bc245cd23ac8dfc760102ef47950ed9
- SSDEEP: 98304:2pHA63Slct64zyNQyQyv7h+XXsVnvqChlf8L8u7LsZANGNUT3J6zf14OTzcbdwYf:2pg6CO3Xw7RBCCzbu35NJ16BZY+YveNC
Static task: static1
Behavioral task: behavioral1
- Sample: 82780f6bda39ac3278c741b112b53bf7bea3b2a8719277f7bbe912c49044c5d0N.exe
- Resource: win7-20241010-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 82780f6bda39ac3278c741b112b53bf7bea3b2a8719277f7bbe912c49044c5d0N
- Size: 4.8MB
- MD5: 4d070791112bc416b6cdeb15a131cb50
- SHA1: ecae07a3eba38274a76cd6f51ab8bb421e275f9b
- SHA256: 82780f6bda39ac3278c741b112b53bf7bea3b2a8719277f7bbe912c49044c5d0
- SHA512: f620a87f8ab3be5339f08385da567a71e6c0f4fdd1cadb75dbf3a69133108d5cabbd69675d07e994bd67ad47619f3d549bc245cd23ac8dfc760102ef47950ed9
- SSDEEP: 98304:2pHA63Slct64zyNQyQyv7h+XXsVnvqChlf8L8u7LsZANGNUT3J6zf14OTzcbdwYf:2pg6CO3Xw7RBCCzbu35NJ16BZY+YveNC
Signatures
- Modifies firewall policy service
- Sality family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Create or Modify System Process: 1
- Windows Service: 1
Defense Evasion
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Impair Defenses: 4
- Disable or Modify System Firewall: 1
- Disable or Modify Tools: 3
- Modify Registry: 6