General
-
Target
2878165226008556adac5fbf4d12d9cd9258f357022025dbf1d64658e9f94342
-
Size
3.0MB
-
Sample
241109-pyzmeavcnd
-
MD5
ea3207d32ee211e195891cf04bb7ea48
-
SHA1
2d1bc7a46f020bc6758e4c31c68d2e1e0fca4831
-
SHA256
2878165226008556adac5fbf4d12d9cd9258f357022025dbf1d64658e9f94342
-
SHA512
cf5861d2e116e912ce4d763faeb923a57fb060a8fd915967ea50ef36ff67a75bcb503f7db576a8a956c50730300316f6622de80648068daac15ca9e5a9c097ab
-
SSDEEP
49152:F0/3um9HFwLWo9XiMNZTbOMT5mFbO8H8zE8DTGZf7rNlmxSM:FMNlGWGyMzOMtUOY8w5F7rDYf
Static task
static1
Behavioral task
behavioral1
Sample
2878165226008556adac5fbf4d12d9cd9258f357022025dbf1d64658e9f94342.exe
Resource
win7-20241010-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
Target
2878165226008556adac5fbf4d12d9cd9258f357022025dbf1d64658e9f94342
-
Size
3.0MB
-
MD5
ea3207d32ee211e195891cf04bb7ea48
-
SHA1
2d1bc7a46f020bc6758e4c31c68d2e1e0fca4831
-
SHA256
2878165226008556adac5fbf4d12d9cd9258f357022025dbf1d64658e9f94342
-
SHA512
cf5861d2e116e912ce4d763faeb923a57fb060a8fd915967ea50ef36ff67a75bcb503f7db576a8a956c50730300316f6622de80648068daac15ca9e5a9c097ab
-
SSDEEP
49152:F0/3um9HFwLWo9XiMNZTbOMT5mFbO8H8zE8DTGZf7rNlmxSM:FMNlGWGyMzOMtUOY8w5F7rDYf
-
Modifies firewall policy service
-
Sality family
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
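As an added example (not part of this report and not Triage's own tooling), the Python below turns the signatures above and the extracted Sality config into a small host-telemetry check. It assumes simplified Sysmon-style "Key=Value" lines, constructed here rather than taken from the sandbox run, and it assumes the "firewall policy" change is the EnableFirewall value under SharedAccess\Parameters\FirewallPolicy being set to 0, which the report does not state explicitly. The Uninstall-key enumeration is a registry read that Sysmon does not log, so it is deliberately left out.

```python
import re
from urllib.parse import urlparse

# Network indicators copied from the extracted Sality config on this page.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]
# Hostnames and bare IPs the sample is configured to contact.
C2_HOSTS = {urlparse(u).hostname.lower() for u in SALITY_URLS}

# Assumption: the firewall-policy change is the EnableFirewall DWORD under
# SharedAccess\Parameters\FirewallPolicy being zeroed. The report only says
# the firewall policy service is modified; the exact value is not on the page.
FIREWALL_POLICY = re.compile(
    r"\\SharedAccess\\Parameters\\FirewallPolicy\\.*\\EnableFirewall$", re.IGNORECASE
)
# autorun.inf written to the root of a volume (any drive letter).
AUTORUN_ROOT = re.compile(r"^[A-Z]:\\autorun\.inf$", re.IGNORECASE)

# Simplified Sysmon-style "Key=Value Key=Value" lines; values may contain spaces.
FIELD = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """Turn one 'EventID=13 Image=... TargetObject=...' line into a dict."""
    return dict(FIELD.findall(line))


def classify(event):
    """Return a detection label for one parsed event, or None."""
    eid = event.get("EventID")
    if eid == "13":  # Sysmon RegistryValueSet
        target = event.get("TargetObject", "")
        if FIREWALL_POLICY.search(target) and "0x00000000" in event.get("Details", ""):
            return "T1562.004: Windows Firewall disabled via FirewallPolicy registry"
    if eid == "11":  # Sysmon FileCreate
        path = event.get("TargetFilename", "")
        # The signature text: autorun.inf on volumes other than the default C: drive.
        if AUTORUN_ROOT.match(path) and not path.upper().startswith("C:\\"):
            return "T1091: autorun.inf dropped on non-system volume " + path[:2]
    if eid == "22":  # Sysmon DNSEvent
        if event.get("QueryName", "").lower() in C2_HOSTS:
            return "Sality C2 lookup: " + event["QueryName"]
    if eid == "3":  # Sysmon NetworkConnect
        if event.get("DestinationIp", "") in C2_HOSTS:
            return "Sality C2 connection: " + event["DestinationIp"]
    return None


def scan(lines):
    """Run classify() over raw lines; return (line_number, label) for each hit."""
    hits = []
    for n, line in enumerate(lines, start=1):
        label = classify(parse_event(line))
        if label:
            hits.append((n, label))
    return hits


# Constructed sample telemetry (not real sandbox output); the paths are invented.
SAMPLE_EVENTS = [
    r"EventID=13 Image=C:\Users\user\Desktop\sample.exe TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall Details=DWORD (0x00000000)",
    r"EventID=11 Image=C:\Users\user\Desktop\sample.exe TargetFilename=E:\autorun.inf",
    r"EventID=11 Image=C:\Users\user\Desktop\sample.exe TargetFilename=C:\Users\user\AppData\Local\Temp\tmp1.tmp",
    r"EventID=22 Image=C:\Users\user\Desktop\sample.exe QueryName=kukutrustnet777.info",
    r"EventID=22 Image=C:\Windows\System32\svchost.exe QueryName=www.microsoft.com",
    r"EventID=3 Image=C:\Users\user\Desktop\sample.exe DestinationIp=89.119.67.154 DestinationPort=80",
]

if __name__ == "__main__":
    for n, label in scan(SAMPLE_EVENTS):
        print(f"line {n}: {label}")
```

The domain and IP checks are exact matches against the extracted config, so they are only as current as this sample's config; the registry and autorun.inf rules describe the behaviour itself and survive a C2 rotation.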
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (T1548): 1
Bypass User Account Control (T1548.002): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
Defense Evasion
Abuse Elevation Control Mechanism (T1548): 1
Bypass User Account Control (T1548.002): 1
Impair Defenses (T1562): 4
Disable or Modify System Firewall (T1562.004): 1
Disable or Modify Tools (T1562.001): 3
Modify Registry (T1112): 5