General
Target: 3f33f14369c3c6559df85e5548049c1b643a96f6cec8d0ccc5510ee5527d08faN
Size: 120KB
Sample: 241110-tzqs4s1bra
MD5: 877ccc1c790f7d296afff2f974812bb0
SHA1: 2d96082c19a009b2b854e37310d2fa614c2bf54b
SHA256: 3f33f14369c3c6559df85e5548049c1b643a96f6cec8d0ccc5510ee5527d08fa
SHA512: 08486a5169d32eff571af11218e00bf5710bce57edf2182523281cd406f5b9646ecc2a880c7fe516b26963ec1bb289622d0e51927c99841fd6918a0ecf3620f7
SSDEEP: 3072:s8AbT3UEbWCWqhNbCH236tcaBZTbpvQkrn:ZAHUEi6hNL3wcMQk
Static task: static1
Behavioral task: behavioral1
Sample: 3f33f14369c3c6559df85e5548049c1b643a96f6cec8d0ccc5510ee5527d08faN.dll
Resource: win7-20240903-en
Malware Config
Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 3f33f14369c3c6559df85e5548049c1b643a96f6cec8d0ccc5510ee5527d08faN
Size: 120KB
MD5: 877ccc1c790f7d296afff2f974812bb0
SHA1: 2d96082c19a009b2b854e37310d2fa614c2bf54b
SHA256: 3f33f14369c3c6559df85e5548049c1b643a96f6cec8d0ccc5510ee5527d08fa
SHA512: 08486a5169d32eff571af11218e00bf5710bce57edf2182523281cd406f5b9646ecc2a880c7fe516b26963ec1bb289622d0e51927c99841fd6918a0ecf3620f7
SSDEEP: 3072:s8AbT3UEbWCWqhNbCH236tcaBZTbpvQkrn:ZAHUEi6hNL3wcMQk
Signatures:
Modifies firewall policy service
Sality family
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)