General
Target: 0db51331106416caf2cde619e783a07bc1a41412b4a53746c3d11f8fa0d6445a
Size: 3.1MB
Sample: 241110-ntw52syqen
MD5: b69d0bfe6ed4cb65ffb5ae1bf495d7be
SHA1: 98a509894522b7b5e6f4fbd5d226c6aa4389fa14
SHA256: 0db51331106416caf2cde619e783a07bc1a41412b4a53746c3d11f8fa0d6445a
SHA512: e45f7bc9c631318aa40ee4d43579740741337f106f1d4df52c06c5e9688397d01b58d7b40075bd5a8bd54f143becf59ca40ddd1366f21b9a96be460730ef2204
SSDEEP: 98304:IC7vsT26FZ2B3rX315DZk/jTE8At/4OOOOOOE8/Z/Apg8SBySg:z4dZO3z315D208Atj8/Z/Apg8V
Static task: static1
Behavioral task: behavioral1
Sample: 0db51331106416caf2cde619e783a07bc1a41412b4a53746c3d11f8fa0d6445a.exe
Resource: win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Modifies firewall policy service
Sality family
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 4
Disable or Modify System Firewall: 1
Disable or Modify Tools: 3
Modify Registry: 5