General
Target: 850053727880deb231ee4023127f10e5320ac6fd9a0e8df8533e049ac9a3be54N
Size: 3.7MB
Sample: 241110-ttqwxszgpp
MD5: 74af3f6cfee2887c897148508a9c03b0
SHA1: 42f6109b34c6812890c51f0435d1e0e10825f94f
SHA256: 850053727880deb231ee4023127f10e5320ac6fd9a0e8df8533e049ac9a3be54
SHA512: 3eaa8bc5a5e556e6fc2372e71e2f7b89fa83cf4db4b2724482a6902a5613ebfe011b0f9d19d39ee7cefbe0eaa4f937478d48c3b9ae4bb79645779c70c63817da
SSDEEP: 49152:6vOAaj8fG7xSjf6Onqq7VMdlij5uIGHuv1LBUPoj6tv49yL2Pa9SV78AhcDYbX3t:uWQ+HOq++liduCtLBlOMyL2i9avccb39
Static task: static1
Behavioral task: behavioral1
Sample: 850053727880deb231ee4023127f10e5320ac6fd9a0e8df8533e049ac9a3be54N.exe
Resource: win7-20241010-en
Malware Config
Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Signatures:
- Modifies firewall policy service
- Sality family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Create or Modify System Process (1)
- Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Impair Defenses (4)
- Disable or Modify System Firewall (1)
- Disable or Modify Tools (3)
- Modify Registry (5)