General
-
Target
e7351a7fd7e8586f49c5bb08d7a30af95f4a984ddbc87f7c26997cfa7e665ed8N
-
Size
120KB
-
Sample
241109-pwav9svcjf
-
MD5
ae26f2bb90555ca1658180bf8f40b3a0
-
SHA1
e4162985fe4a59c56f7b7868f58fc8a8211c4a3f
-
SHA256
e7351a7fd7e8586f49c5bb08d7a30af95f4a984ddbc87f7c26997cfa7e665ed8
-
SHA512
62a2a006c36a3b8a5be3b12a572c38cd0bf69f7b15ad9e9ce64ee80c4be6f497b2291db35a5ae19567f0ca0c253fb56f5286106f4ef8904a4b3b57cbbdb988e8
-
SSDEEP
3072:uiX4bPMBtgPpswBM8Y/GCxfAOVQWpSC8xcJTm:uiXGZPfjYOCxfAOVQgEcQ
Static task
static1
Behavioral task
behavioral1
Sample
e7351a7fd7e8586f49c5bb08d7a30af95f4a984ddbc87f7c26997cfa7e665ed8N.dll
Resource
win7-20241023-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
e7351a7fd7e8586f49c5bb08d7a30af95f4a984ddbc87f7c26997cfa7e665ed8N
-
Size
120KB
-
MD5
ae26f2bb90555ca1658180bf8f40b3a0
-
SHA1
e4162985fe4a59c56f7b7868f58fc8a8211c4a3f
-
SHA256
e7351a7fd7e8586f49c5bb08d7a30af95f4a984ddbc87f7c26997cfa7e665ed8
-
SHA512
62a2a006c36a3b8a5be3b12a572c38cd0bf69f7b15ad9e9ce64ee80c4be6f497b2291db35a5ae19567f0ca0c253fb56f5286106f4ef8904a4b3b57cbbdb988e8
-
SSDEEP
3072:uiX4bPMBtgPpswBM8Y/GCxfAOVQWpSC8xcJTm:uiXGZPfjYOCxfAOVQgEcQ
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5