General

Target: d600c47184619633c838f08d218aea5e5ee28f00d0c88d011f33b2f859e3d581
Size: 120KB
Sample: 241117-llymssxaqe
MD5: 7cf7d70583c05113e31c917d2054c739
SHA1: 0216978cb6f1e1024dfd352ee36292d8b980184c
SHA256: d600c47184619633c838f08d218aea5e5ee28f00d0c88d011f33b2f859e3d581
SHA512: 30710b4b4c3218c049033cc2bd59a57e6d0879ef891e665180c87f36314209ab21d9c1d6716855aabbeec6d5f16d563e80c056b3808e986c81478513500b089c
SSDEEP: 3072:58g1CPsXv82/c7qKMmo2aKq+ADA4N9biteZSdh:58g4Uf82WN/Yvfb78d
Static task: static1
Behavioral task: behavioral1
Sample: d600c47184619633c838f08d218aea5e5ee28f00d0c88d011f33b2f859e3d581.dll
Resource: win7-20240903-en
Malware Config (Extracted)

Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets

Target: d600c47184619633c838f08d218aea5e5ee28f00d0c88d011f33b2f859e3d581
Size: 120KB
MD5: 7cf7d70583c05113e31c917d2054c739
SHA1: 0216978cb6f1e1024dfd352ee36292d8b980184c
SHA256: d600c47184619633c838f08d218aea5e5ee28f00d0c88d011f33b2f859e3d581
SHA512: 30710b4b4c3218c049033cc2bd59a57e6d0879ef891e665180c87f36314209ab21d9c1d6716855aabbeec6d5f16d563e80c056b3808e986c81478513500b089c
SSDEEP: 3072:58g1CPsXv82/c7qKMmo2aKq+ADA4N9biteZSdh:58g4Uf82WN/Yvfb78d
Signatures:
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)