General
-
Target
ca903db5937df9416b5fb9cf7b915f9933b1b69781af2224813f494e77cf5accN
-
Size
120KB
-
Sample
241110-w93lrssgmg
-
MD5
c4509350810f154a9a573721c34f1fe0
-
SHA1
00daf53a8c492abe04ea1c688e1e436b51e88a21
-
SHA256
ca903db5937df9416b5fb9cf7b915f9933b1b69781af2224813f494e77cf5acc
-
SHA512
b4e31e4cc67865b6c99d33122be134b09db3f47e3adb8e40fc468c2d99978c3a3c9093795fadd5023e758bda1ca068e70627f41ab9ba77a4022ca7d1ab35b493
-
SSDEEP
3072:hy7pOQSt5xSVgHTD8R/Gf02eUJGWBEzlJo:hydOBt2ID8xGf1LBB6o
Static task
static1
Behavioral task
behavioral1
Sample
ca903db5937df9416b5fb9cf7b915f9933b1b69781af2224813f494e77cf5accN.dll
Resource
win7-20241010-en
Malware Config
Extracted
Family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
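The file hashes and the extracted Sality configuration above are the indicators a responder would pivot on: the digests identify this exact sample, and the four URLs (one raw IP, three kukutrustnet*.info hosts) are what to look for in proxy or DNS logs. The script below is an added example, not part of the sandbox report or of any tool it references; it embeds the report's own hash and URL values, hashes a file or byte string with the standard library, and scans a constructed, labelled proxy log (the log lines are invented for the example) for the configured hosts. The SSDEEP value is not checked here, since fuzzy matching needs the external ssdeep library.

```python
import hashlib
import re
from urllib.parse import urlparse

# Reference values copied from the sandbox report above. Nothing in this
# script fetches or executes the sample; it only compares digests and strings.
SAMPLE_HASHES = {
    "md5": "c4509350810f154a9a573721c34f1fe0",
    "sha1": "00daf53a8c492abe04ea1c688e1e436b51e88a21",
    "sha256": "ca903db5937df9416b5fb9cf7b915f9933b1b69781af2224813f494e77cf5acc",
    "sha512": "b4e31e4cc67865b6c99d33122be134b09db3f47e3adb8e40fc468c2d99978c3a"
              "3c9093795fadd5023e758bda1ca068e70627f41ab9ba77a4022ca7d1ab35b493",
}
SALITY_CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed proxy log lines (squid-like layout) used only to exercise the scanner.
SAMPLE_LOG = [
    "1731250000.123 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200",
    "1731250001.456 10.0.0.5 GET http://www.example.com/index.html 200",
    "1731250002.789 10.0.0.7 CONNECT 89.119.67.154:80 - 200",
    "1731250003.000 10.0.0.8 GET http://kukutrustnet987.info/home.gif 404",
]


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Digest a file on disk in chunks so large files do not need to fit in memory."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_sample(hashes: dict) -> bool:
    """True only if every digest the caller supplied agrees with the report.

    A partial dict (e.g. only sha256 from an EDR alert) is accepted; an
    empty dict or any disagreeing digest is rejected.
    """
    common = set(hashes) & set(SAMPLE_HASHES)
    return bool(common) and all(hashes[k].lower() == SAMPLE_HASHES[k] for k in common)


def config_hosts() -> set:
    """Hostnames and IPs taken from the extracted configuration URLs."""
    return {urlparse(u).hostname for u in SALITY_CONFIG_URLS}


def scan_proxy_log(lines) -> list:
    """Return (line_number, host) for each line that touches a configured host.

    A full URL match is tried first; otherwise the bare host is matched with
    boundaries so that 89.119.67.154 does not fire on 189.119.67.154 or
    89.119.67.1540.
    """
    hosts = config_hosts()
    hits = []
    for n, line in enumerate(lines, 1):
        for url in SALITY_CONFIG_URLS:
            if url in line:
                hits.append((n, urlparse(url).hostname))
                break
        else:
            for host in hosts:
                if re.search(r"(?<![\w.-])" + re.escape(host) + r"(?![\w-])", line):
                    hits.append((n, host))
                    break
    return hits


if __name__ == "__main__":
    for line_no, host in scan_proxy_log(SAMPLE_LOG):
        print(f"line {line_no}: contact with Sality config host {host}")
```

The scanner matches on host rather than full path on purpose: Sality's home.gif path and the /testo5/ path are cheap to change, while the registered domains and the IP are the part of the configuration worth alerting on. For bulk triage, feed hash_file() the suspect file and pass the result to matches_sample(); a partial dictionary from an alert that only carries SHA256 still works.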
Targets
-
-
Target
ca903db5937df9416b5fb9cf7b915f9933b1b69781af2224813f494e77cf5accN
-
Size
120KB
-
MD5
c4509350810f154a9a573721c34f1fe0
-
SHA1
00daf53a8c492abe04ea1c688e1e436b51e88a21
-
SHA256
ca903db5937df9416b5fb9cf7b915f9933b1b69781af2224813f494e77cf5acc
-
SHA512
b4e31e4cc67865b6c99d33122be134b09db3f47e3adb8e40fc468c2d99978c3a3c9093795fadd5023e758bda1ca068e70627f41ab9ba77a4022ca7d1ab35b493
-
SSDEEP
3072:hy7pOQSt5xSVgHTD8R/Gf02eUJGWBEzlJo:hydOBt2ID8xGf1LBB6o
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)