General
-
Target
3f7856fae438bc8ecbfa983d828268f4a66052ff02e6846270cc472a79d71c6c
-
Size
740KB
-
Sample
241113-j2m5wsxma1
-
MD5
79ac4ab5bdedadcb23a9bbeebee72350
-
SHA1
6761f569e50f46bc0fe2f1bb98e5eb03ed639cfd
-
SHA256
3f7856fae438bc8ecbfa983d828268f4a66052ff02e6846270cc472a79d71c6c
-
SHA512
e4a6ebddc8c5370330a13b7a906d953b9a8f539d3e078c7d245b1eb99ccce3337471f9d21d9a780380fb12fcded657b109b8082641122f100b7b2eb451c7dcb8
-
SSDEEP
12288:OTyjXW+48qWywrU4kGFezOAVuJ5PISww7F5DO3HYffMo26t:EIXW/8yw1ez54lIcF5SXYHMo2y
Static task
static1
Behavioral task
behavioral1
Sample
3f7856fae438bc8ecbfa983d828268f4a66052ff02e6846270cc472a79d71c6c.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
3f7856fae438bc8ecbfa983d828268f4a66052ff02e6846270cc472a79d71c6c
-
Size
740KB
-
MD5
79ac4ab5bdedadcb23a9bbeebee72350
-
SHA1
6761f569e50f46bc0fe2f1bb98e5eb03ed639cfd
-
SHA256
3f7856fae438bc8ecbfa983d828268f4a66052ff02e6846270cc472a79d71c6c
-
SHA512
e4a6ebddc8c5370330a13b7a906d953b9a8f539d3e078c7d245b1eb99ccce3337471f9d21d9a780380fb12fcded657b109b8082641122f100b7b2eb451c7dcb8
-
SSDEEP
12288:OTyjXW+48qWywrU4kGFezOAVuJ5PISww7F5DO3HYffMo26t:EIXW/8yw1ez54lIcF5SXYHMo2y
-
Modifies firewall policy service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
8