General
-
Target
474d2babb0c6a3db591ebe1ba0e3319816c197d4f4ee17967f3a3e97b13e3e0b
-
Size
409KB
-
Sample
241112-1k4jzsvpaq
-
MD5
c363f6ff4a7827f0361df2e40ff059df
-
SHA1
eb6581a9e23660fdb63dbb7b1c85e8ef42c14003
-
SHA256
474d2babb0c6a3db591ebe1ba0e3319816c197d4f4ee17967f3a3e97b13e3e0b
-
SHA512
2339be80b091d94b85ebff304c776c078a9246e3db2d9af3e4555471ceddf07875fed78eba7cdd37d64f5b0340aa3bf9c20dc905b7e2a61e929a8f17cca07ce7
-
SSDEEP
3072:PGGgeOxL86PcvgKOEtgvZPITucCTiMSBEK1Ier5jslcnsG4/:OIOxLfPcvgKVUZQqcCT6HB9lDC
Static task
static1
Behavioral task
behavioral1
Sample
474d2babb0c6a3db591ebe1ba0e3319816c197d4f4ee17967f3a3e97b13e3e0b.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
474d2babb0c6a3db591ebe1ba0e3319816c197d4f4ee17967f3a3e97b13e3e0b
-
Size
409KB
-
MD5
c363f6ff4a7827f0361df2e40ff059df
-
SHA1
eb6581a9e23660fdb63dbb7b1c85e8ef42c14003
-
SHA256
474d2babb0c6a3db591ebe1ba0e3319816c197d4f4ee17967f3a3e97b13e3e0b
-
SHA512
2339be80b091d94b85ebff304c776c078a9246e3db2d9af3e4555471ceddf07875fed78eba7cdd37d64f5b0340aa3bf9c20dc905b7e2a61e929a8f17cca07ce7
-
SSDEEP
3072:PGGgeOxL86PcvgKOEtgvZPITucCTiMSBEK1Ier5jslcnsG4/:OIOxLfPcvgKVUZQqcCT6HB9lDC
-
Modifies firewall policy service
-
Sality family
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5