General
Target: 137372af4a2eeccdab924279221beb685d29db39994179f57621dd070b746ede
Size: 686KB
Sample: 241111-tqrdaa1gjd
MD5: e929859c926def1a89205eb9c463a610
SHA1: eca5f0d8834c0d47745f1a0166b5b7a9067ddb22
SHA256: 137372af4a2eeccdab924279221beb685d29db39994179f57621dd070b746ede
SHA512: acc61f93bc3c05d39596f93fbff4bfd1dceb6e7da06528534d15e0412da315c84fa576b00b8d1cd5970f8ea85ec63e47d756a6f3ae47cab9b572f5adedfb7d2f
SSDEEP: 12288:Xz2Nyw6hsU5HDcqxDTThrp3g/gvIW4LUf3PqNzPgUdPm51:D2gw6VlDc6rp3X3OzoUdP4
Static task: static1
Malware Config (extracted)
Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
Target: 137372af4a2eeccdab924279221beb685d29db39994179f57621dd070b746ede
Size: 686KB
MD5: e929859c926def1a89205eb9c463a610
SHA1: eca5f0d8834c0d47745f1a0166b5b7a9067ddb22
SHA256: 137372af4a2eeccdab924279221beb685d29db39994179f57621dd070b746ede
SHA512: acc61f93bc3c05d39596f93fbff4bfd1dceb6e7da06528534d15e0412da315c84fa576b00b8d1cd5970f8ea85ec63e47d756a6f3ae47cab9b572f5adedfb7d2f
SSDEEP: 12288:Xz2Nyw6hsU5HDcqxDTThrp3g/gvIW4LUf3PqNzPgUdPm51:D2gw6VlDc6rp3X3OzoUdP4
Signatures:
- Modifies firewall policy service
- Sality family
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15 (technique and count of matching signatures)
Persistence
- Create or Modify System Process (1)
- Windows Service (1)
- Pre-OS Boot (1)
- Bootkit (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Create or Modify System Process (1)
- Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Impair Defenses (4)
- Disable or Modify System Firewall (1)
- Disable or Modify Tools (3)
- Modify Registry (5)
- Pre-OS Boot (1)
- Bootkit (1)