General
- Target: 276175619816f805ac74d64902663d34de04bc8f57afbf08b8c2121428df5781.exe
- Size: 65KB
- Sample: 241112-zpqcgs1dma
- MD5: bdb9c19760a826e63f9f7d75d6a7af8e
- SHA1: d26453375373be5071d3ddf4acfee189813db848
- SHA256: 276175619816f805ac74d64902663d34de04bc8f57afbf08b8c2121428df5781
- SHA512: 48f5a26d9969e78f41902750509301abbecfe65af71a8672fbcbf7f680d507ae91bed58102f16a77d237e74f1ef619f4708e703944536f1d337d1753d77765a1
- SSDEEP: 1536:uqiW+/oIraBkr7eIW3nTi17Px2qhZkFqgshsfLKleSFwEZkCh9174adRlkQ9:uVuBkrLWjQ2qhZkqgwsf2eSFDZH02Rlf
Static task: static1
Behavioral task: behavioral1
- Sample: 276175619816f805ac74d64902663d34de04bc8f57afbf08b8c2121428df5781.exe
- Resource: win7-20240903-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 276175619816f805ac74d64902663d34de04bc8f57afbf08b8c2121428df5781.exe
- Size: 65KB
- MD5: bdb9c19760a826e63f9f7d75d6a7af8e
- SHA1: d26453375373be5071d3ddf4acfee189813db848
- SHA256: 276175619816f805ac74d64902663d34de04bc8f57afbf08b8c2121428df5781
- SHA512: 48f5a26d9969e78f41902750509301abbecfe65af71a8672fbcbf7f680d507ae91bed58102f16a77d237e74f1ef619f4708e703944536f1d337d1753d77765a1
- SSDEEP: 1536:uqiW+/oIraBkr7eIW3nTi17Px2qhZkFqgshsfLKleSFwEZkCh9174adRlkQ9:uVuBkrLWjQ2qhZkqgwsf2eSFDZH02Rlf
Signatures
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Create or Modify System Process: 1
- Windows Service: 1
Defense Evasion
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Impair Defenses: 4
- Disable or Modify System Firewall: 1
- Disable or Modify Tools: 3
- Modify Registry: 5