General
-
Target
a112039b1f1bd63ac5c036b468f7828632b56b2a467567e87451cb55d8c1b0b9N
-
Size
120KB
-
Sample
241110-b5j9eazkgp
-
MD5
377cbdad1a91a649c2706f3a78712a10
-
SHA1
864451098f5858effbff0e0844b799633d907f7f
-
SHA256
a112039b1f1bd63ac5c036b468f7828632b56b2a467567e87451cb55d8c1b0b9
-
SHA512
f774388415fe1e6c02b39678eb6d0cdeaa556deb61f37d3420c98eaacf9d77ff63a860af77824ad185ae175f3977ee2450c91f973e49047e8c5ff53ef5cdfb23
-
SSDEEP
3072:yvHADPcH9T2DrjRE7HsgblHKKHOt8TL8v:sATO2fjm7Mgbl5+
Static task
static1
Behavioral task
behavioral1
Sample
a112039b1f1bd63ac5c036b468f7828632b56b2a467567e87451cb55d8c1b0b9N.dll
Resource
win7-20240729-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
a112039b1f1bd63ac5c036b468f7828632b56b2a467567e87451cb55d8c1b0b9N
-
Size
120KB
-
MD5
377cbdad1a91a649c2706f3a78712a10
-
SHA1
864451098f5858effbff0e0844b799633d907f7f
-
SHA256
a112039b1f1bd63ac5c036b468f7828632b56b2a467567e87451cb55d8c1b0b9
-
SHA512
f774388415fe1e6c02b39678eb6d0cdeaa556deb61f37d3420c98eaacf9d77ff63a860af77824ad185ae175f3977ee2450c91f973e49047e8c5ff53ef5cdfb23
-
SSDEEP
3072:yvHADPcH9T2DrjRE7HsgblHKKHOt8TL8v:sATO2fjm7Mgbl5+
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5