General
-
Target
75e5ae3333e0f59fb4921930cce83df569328199c29b515f418cd9ea4224c523N
-
Size
120KB
-
Sample
241110-s31baasqeq
-
MD5
6f3129ab174b5720b7795d68a8037ee0
-
SHA1
cee4e90e6dbaff85c2db0bef2c1f563dea511c74
-
SHA256
75e5ae3333e0f59fb4921930cce83df569328199c29b515f418cd9ea4224c523
-
SHA512
3881014638e140cfdd90a7570bcbc91c9afc1a655d3adf924085df7eae7862c94d43395ecfa8b7671e8c4cf95e8e21e8d75894984c9f3f266b1b37e9daa53cfe
-
SSDEEP
1536:2zATEx3mTNOI8HVQjztxx1t6kjOSP72/MQrDVML2YsGQslv7IE+0:T35OIsVQ3txx1UkjOSPa/H5jslMf
Static task
static1
Behavioral task
behavioral1
Sample
75e5ae3333e0f59fb4921930cce83df569328199c29b515f418cd9ea4224c523N.dll
Resource
win7-20240729-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
75e5ae3333e0f59fb4921930cce83df569328199c29b515f418cd9ea4224c523N
-
Size
120KB
-
MD5
6f3129ab174b5720b7795d68a8037ee0
-
SHA1
cee4e90e6dbaff85c2db0bef2c1f563dea511c74
-
SHA256
75e5ae3333e0f59fb4921930cce83df569328199c29b515f418cd9ea4224c523
-
SHA512
3881014638e140cfdd90a7570bcbc91c9afc1a655d3adf924085df7eae7862c94d43395ecfa8b7671e8c4cf95e8e21e8d75894984c9f3f266b1b37e9daa53cfe
-
SSDEEP
1536:2zATEx3mTNOI8HVQjztxx1t6kjOSP72/MQrDVML2YsGQslv7IE+0:T35OIsVQ3txx1UkjOSPa/H5jslMf
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5