General
- Target: 78813aa28ed892b1d551c84b497c4a00647e5575f8f300dc5564f678cf13f5ebN
- Size: 120KB
- Sample: 241110-r2laasygmh
- MD5: 404dc5ab1b8e1e1494af4137e3b8adf0
- SHA1: 266deee028089bd02bed361b745319072961790e
- SHA256: 78813aa28ed892b1d551c84b497c4a00647e5575f8f300dc5564f678cf13f5eb
- SHA512: d169d2c26bbb2b08d14b69dcb84256a622950f28cada4c19dce0316fc6dad6ead6ed0286d05b208586e9c4cdcc2cd09e6ce67e2362053da1fbad9e7792ceb5de
- SSDEEP: 3072:K7nrfAvUPZEg74g4wAUTl0xTW/ueoXkcGgQGdqTUldUSRvlj:K73RMebTl0xTsueoXXUeNj
Static task: static1
Behavioral task: behavioral1
- Sample: 78813aa28ed892b1d551c84b497c4a00647e5575f8f300dc5564f678cf13f5ebN.dll
- Resource: win7-20240729-en
Malware Config
- Extracted: sality
- URLs:
  http://89.119.67.154/testo5/
  http://kukutrustnet777.info/home.gif
  http://kukutrustnet888.info/home.gif
  http://kukutrustnet987.info/home.gif
Targets
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)