General

Target: a4adfed926279486639691750d3da683548b108ff8631ba3abb457b1323ec928
Size: 65KB
Sample: 241117-jzy5dazkcp
MD5: d66f3c645f58b64bc55e4ce62fbe08c0
SHA1: afc8e9252edaecfd997f16676b3924824b20359d
SHA256: a4adfed926279486639691750d3da683548b108ff8631ba3abb457b1323ec928
SHA512: 5d26b95027b67d3cef772f6383d56b13f9aa0215f75c3789c99eaf80f63950542ff4d59e1a8baafa8d07358670e0e9d34065b8e0ed281a44465a0a5a4c7c8ba3
SSDEEP: 768:AqW5JlyUJzjzA3Jvpxs15ej38+Yrjoj5gKHPYZC7j2UoX/qQj7LJLufNKaIXV3M:Asao65Q31Yrkj5g0gZABEJLuhIXW
Static task: static1
Behavioral task: behavioral1
Sample: a4adfed926279486639691750d3da683548b108ff8631ba3abb457b1323ec928.exe
Resource: win7-20240903-en
Malware Config

Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
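The hashes and the extracted URL list above are the parts of this report an analyst actually operationalizes. The following script is an added example, not part of the sandbox report or of any tooling the report was produced with: it copies the indicators from the report into a small matcher and runs it over a constructed Squid-style proxy log and a constructed file-hash inventory. Every log line, client address and inventory path in it is made up for the demonstration; only the hashes, the IP and the kukutrustnet hostnames come from the report. Matching is done on destination host rather than the full URL, so CONNECT tunnels and a changed path still produce a hit.

```python
"""
Added example (not from the report): turn the report's indicators (file
hashes and the extracted URL list) into an IOC matcher and run it over
constructed proxy-log lines and a constructed file-hash inventory.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied verbatim from the report above.
REPORT_HASHES = {
    "md5": "d66f3c645f58b64bc55e4ce62fbe08c0",
    "sha1": "afc8e9252edaecfd997f16676b3924824b20359d",
    "sha256": "a4adfed926279486639691750d3da683548b108ff8631ba3abb457b1323ec928",
}
REPORT_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def hosts_from_urls(urls):
    """Lower-cased set of hosts (names or IPs) found in the URL list."""
    return {urlsplit(u).hostname.lower() for u in urls}


# Squid access-log style lines, constructed for this example.
# Fields: timestamp elapsed client code/status bytes method url ...
SAMPLE_PROXY_LOG = """\
1731840001.123 45 10.0.0.7 TCP_MISS/200 2048 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.5 image/gif
1731840002.456 12 10.0.0.7 TCP_MISS/404 312 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1731840003.789 30 10.0.0.9 TCP_HIT/200 1200 GET http://example.com/index.html - HIER_NONE/- text/html
1731840004.012 20 10.0.0.7 TCP_MISS/200 900 CONNECT kukutrustnet888.info:443 - HIER_DIRECT/203.0.113.6 -
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def match_proxy_log(log_text, urls=REPORT_URLS):
    """Return (client_ip, url) for each line whose destination host is in
    the extracted URL list. Host-based matching catches CONNECT tunnels
    (host:port, no scheme) and requests whose path differs from the config."""
    bad_hosts = hosts_from_urls(urls)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        # CONNECT lines carry host:port only; give them a scheme so urlsplit
        # extracts the host the same way as for full URLs.
        target = url if "://" in url else "http://" + url
        host = urlsplit(target).hostname
        if host and host.lower() in bad_hosts:
            hits.append((m.group("client"), url))
    return hits


def infected_clients(log_text, urls=REPORT_URLS):
    """Distinct client addresses that contacted any host from the URL list."""
    return sorted({client for client, _ in match_proxy_log(log_text, urls)})


# Constructed inventory of (path, sha256). The first entry reuses the
# report's SHA-256; the second is the digest of made-up benign content.
SAMPLE_INVENTORY = [
    (r"C:\Users\alice\Downloads\invoice.exe", REPORT_HASHES["sha256"]),
    (r"C:\Windows\notepad.exe", hashlib.sha256(b"constructed benign content").hexdigest()),
]


def match_hashes(inventory, hashes=REPORT_HASHES):
    """Paths in inventory whose SHA-256 equals the report's SHA-256
    (compared case-insensitively, since tools differ in hex casing)."""
    wanted = hashes["sha256"].lower()
    return [path for path, digest in inventory if digest.lower() == wanted]


if __name__ == "__main__":
    for client, url in match_proxy_log(SAMPLE_PROXY_LOG):
        print(f"proxy hit: {client} -> {url}")
    print("clients to isolate:", infected_clients(SAMPLE_PROXY_LOG))
    print("files matching report SHA-256:", match_hashes(SAMPLE_INVENTORY))
```

Only the SHA-256 is used for file matching; MD5 and SHA1 are kept in the dictionary so the same script can be pointed at inventories that record a weaker digest, but a SHA-256 match is the one worth acting on.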
Targets

Target: a4adfed926279486639691750d3da683548b108ff8631ba3abb457b1323ec928
Size: 65KB
MD5: d66f3c645f58b64bc55e4ce62fbe08c0
SHA1: afc8e9252edaecfd997f16676b3924824b20359d
SHA256: a4adfed926279486639691750d3da683548b108ff8631ba3abb457b1323ec928
SHA512: 5d26b95027b67d3cef772f6383d56b13f9aa0215f75c3789c99eaf80f63950542ff4d59e1a8baafa8d07358670e0e9d34065b8e0ed281a44465a0a5a4c7c8ba3
SSDEEP: 768:AqW5JlyUJzjzA3Jvpxs15ej38+Yrjoj5gKHPYZC7j2UoX/qQj7LJLufNKaIXV3M:Asao65Q31Yrkj5g0gZABEJLuhIXW
Signatures:
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (count of matching behaviours in brackets)

Privilege Escalation
- Abuse Elevation Control Mechanism [1]
- Bypass User Account Control [1]
- Create or Modify System Process [1]
- Windows Service [1]

Defense Evasion
- Abuse Elevation Control Mechanism [1]
- Bypass User Account Control [1]
- Impair Defenses [4]
- Disable or Modify System Firewall [1]
- Disable or Modify Tools [3]
- Modify Registry [5]