General
-
Target
b5bb93969e99c17e45d61a5918108a371e259c8bee7d3e96cf309eb67ca6e841N
-
Size
235KB
-
Sample
241110-t5mnms1akp
-
MD5
6716075fc8527baaa728b8b8a9c5d5e0
-
SHA1
e280d7e004087dcce394ee20fd5c8c57f08bdebf
-
SHA256
b5bb93969e99c17e45d61a5918108a371e259c8bee7d3e96cf309eb67ca6e841
-
SHA512
1fbf64f6a1dfbfd099eaaa9d327daa7f26bcb2d14b744da4273f8c79c70511e9c98182cc5dea8c5409c6f010c880f1cad77a4d3376e4d351016010e40f386025
-
SSDEEP
3072:+3LqXU5pdpVJ3ScyWbZr+KMk6eKL4AvEvlODJtzvyVRsSNCiAheK5M+c1HBOFBCR:S7dLJgWZ6L5d/EsgCwKS+c11AjAd
Static task
static1
Behavioral task
behavioral1
Sample
b5bb93969e99c17e45d61a5918108a371e259c8bee7d3e96cf309eb67ca6e841N.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
b5bb93969e99c17e45d61a5918108a371e259c8bee7d3e96cf309eb67ca6e841N
-
Size
235KB
-
MD5
6716075fc8527baaa728b8b8a9c5d5e0
-
SHA1
e280d7e004087dcce394ee20fd5c8c57f08bdebf
-
SHA256
b5bb93969e99c17e45d61a5918108a371e259c8bee7d3e96cf309eb67ca6e841
-
SHA512
1fbf64f6a1dfbfd099eaaa9d327daa7f26bcb2d14b744da4273f8c79c70511e9c98182cc5dea8c5409c6f010c880f1cad77a4d3376e4d351016010e40f386025
-
SSDEEP
3072:+3LqXU5pdpVJ3ScyWbZr+KMk6eKL4AvEvlODJtzvyVRsSNCiAheK5M+c1HBOFBCR:S7dLJgWZ6L5d/EsgCwKS+c11AjAd
-
Modifies firewall policy service
-
Sality family
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5