General

Target: d0aca404059cddd8f0d9daad526f847ac2b66757ef4458b0ddcb0f8a90f6d3a1N.exe
Size: 65KB
Sample: 241130-fyxy5strew
MD5: c99702c921848166d4049e8d51aea910
SHA1: 79168336e8e4882a2356def159dba206a96927cc
SHA256: d0aca404059cddd8f0d9daad526f847ac2b66757ef4458b0ddcb0f8a90f6d3a1
SHA512: 3a4dc103b5a7dd2177a4d7c2df4cba7f20f9bfb83089e483b272a6e14c7ffe03bd5472f3e059e345df2cb2fc78bbb3af6101fad621609f83fc6795955cc078c9
SSDEEP: 1536:6/sFsVfyjLjd3k8NgR8220IrOxG8TGVFI:sbg7dk8jxCxG8T2FI
Static task: static1
Behavioral task: behavioral1
Sample: d0aca404059cddd8f0d9daad526f847ac2b66757ef4458b0ddcb0f8a90f6d3a1N.exe
Resource: win7-20240903-en
Malware Config

Extracted family: sality
URLs (from the extracted config):
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
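The four URLs above are the indicators a defender would sweep for. The following is an added example (not part of the sandbox report) that turns them into host-level and URL-level matches and runs them over constructed proxy and DNS log lines; the log layout ("timestamp client method url status" and "timestamp client type qname") is made up for illustration, and only the indicator values come from the report.

```python
"""Sweep proxy and DNS logs for the C2 indicators in the extracted Sality config.

Added example, not part of the sandbox report. The indicator list is copied
from the report's Malware Config; the log lines below are constructed for
illustration and use a made-up "timestamp client method url status" layout.
"""
from urllib.parse import urlsplit

# Copied from the extracted config above.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed sample logs (not from the report).
SAMPLE_PROXY_LOG = """\
1732950123.101 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200
1732950124.388 10.0.0.5 GET http://89.119.67.154/testo5/stats.php 404
1732950130.002 10.0.0.9 GET http://example.com/index.html 200
1732950131.777 10.0.0.7 GET http://KUKUTRUSTNET987.INFO/other.png 200
"""
SAMPLE_DNS_LOG = """\
1732950122.950 10.0.0.5 A kukutrustnet777.info
1732950129.010 10.0.0.9 A www.example.com
1732950131.500 10.0.0.7 A kukutrustnet987.info.
"""


def build_indicators(urls):
    """Split each C2 URL into a hostname set and (host, path) pairs.

    Host-level matching catches any request to a C2 domain; the path pairs
    give an exact or directory-prefix match (so /testo5/anything still hits).
    """
    hosts, prefixes = set(), set()
    for url in urls:
        parts = urlsplit(url)
        hosts.add(parts.hostname)          # .hostname is already lowercased
        prefixes.add((parts.hostname, parts.path))
    return hosts, prefixes


def classify_request(url, hosts, prefixes):
    """Return 'url' for an exact/prefix hit, 'host' for a host-only hit, else None."""
    parts = urlsplit(url)
    host = parts.hostname
    if host not in hosts:
        return None
    for ind_host, ind_path in prefixes:
        if ind_host != host:
            continue
        if parts.path == ind_path:
            return "url"
        if ind_path.endswith("/") and parts.path.startswith(ind_path):
            return "url"                    # anything below a C2 directory
    return "host"


def scan_proxy_log(text, urls=SALITY_C2_URLS):
    """Return (client, url, match_kind) for every proxy line touching a C2 indicator."""
    hosts, prefixes = build_indicators(urls)
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue                        # skip blank or truncated lines
        client, url = fields[1], fields[3]
        kind = classify_request(url, hosts, prefixes)
        if kind:
            hits.append((client, url, kind))
    return hits


def scan_dns_log(text, urls=SALITY_C2_URLS):
    """Return (client, qname) for every DNS query naming a C2 host.

    The IP-based C2 (89.119.67.154) never shows up here; only the proxy scan
    can catch it, which is why both logs are checked.
    """
    hosts, _ = build_indicators(urls)
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        client, qname = fields[1], fields[3].lower().rstrip(".")  # strip FQDN dot
        if qname in hosts:
            hits.append((client, qname))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("proxy", *hit)
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("dns", *hit)
```

A host-only hit (any path on a kukutrustnet domain) is a lead to verify rather than confirmed beaconing; the URL-level hit on /home.gif or anything under /testo5/ is the stronger signal. Matching on the hostname rather than the raw URL string is what makes the mixed-case and trailing-dot variants above still match.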
Targets
Target: d0aca404059cddd8f0d9daad526f847ac2b66757ef4458b0ddcb0f8a90f6d3a1N.exe
Signatures:
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.

Sality is a polymorphic file infector, so the hashes above identify only this particular infected file; the behavioural signatures and the extracted C2 URLs are what carry over to other samples.
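The two behavioural signatures are simple enough to re-derive from process telemetry. The block below is an added example, not the sandbox's own signature code: it evaluates "modifies firewall policy service" and "enumerates connected drives" over constructed sandbox-style events. The event format (pid|operation|path|data) is made up, and the choice of registry keys that count as a firewall policy change (the SharedAccess service's FirewallPolicy key and its Start value) is an assumption of this example, since the report does not list which keys its signature matched.

```python
"""Re-derive the two behavioural signatures above from sandbox-style events.

Added example, not part of the report; the event format and the sample
events are constructed ("pid|operation|path|data"), and which registry keys
count as "firewall policy" is an assumption of this example (the report does
not list the keys its signature matched).
"""
import re

# Assumption: writes under the SharedAccess (Windows Firewall/ICS) service's
# FirewallPolicy key, or to its Start value, count as a firewall policy change.
FIREWALL_KEY_PREFIXES = (
    r"hklm\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy",
    r"hklm\system\currentcontrolset\services\sharedaccess\start",
)

# A bare drive root such as D:\ (paths are lowercased before matching).
DRIVE_ROOT = re.compile(r"^([a-z]):\\$")

# Constructed events (not from the report): pid|op|path|data
SAMPLE_EVENTS = r"""
1337|RegSetValue|HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall|0
1337|RegSetValue|HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\user\sample.exe|C:\Users\user\sample.exe:*:Enabled:sample
1337|RegSetValue|HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Start|4
1337|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sample|C:\Users\user\sample.exe
1337|QueryDirectory|C:\|
1337|QueryDirectory|D:\|
1337|QueryDirectory|E:\|
1337|CreateFile|E:\docs\report.docx|
2048|QueryDirectory|D:\|
"""


def parse_events(text):
    """Parse the pipe-delimited event lines into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, op, path, data = line.split("|", 3)
        events.append({"pid": int(pid), "op": op, "path": path, "data": data})
    return events


def is_firewall_policy_write(ev):
    """True for a registry write under one of the firewall policy/service keys."""
    if ev["op"] != "RegSetValue":
        return False
    key = ev["path"].lower()
    return any(key.startswith(prefix) for prefix in FIREWALL_KEY_PREFIXES)


def non_default_drive_root(ev):
    """Return 'D:' etc. when the event reads a drive root other than C:, else None."""
    if ev["op"] not in ("QueryDirectory", "CreateFile"):
        return None
    m = DRIVE_ROOT.match(ev["path"].lower())
    if m and m.group(1) != "c":
        return m.group(1).upper() + ":"
    return None


def run_signatures(text):
    """Evaluate both signatures over an event log, grouping hits by pid."""
    firewall, drives = {}, {}
    for ev in parse_events(text):
        if is_firewall_policy_write(ev):
            firewall.setdefault(ev["pid"], []).append(ev["path"])
        drive = non_default_drive_root(ev)
        if drive:
            drives.setdefault(ev["pid"], set()).add(drive)
    return {
        "modifies_firewall_policy": firewall,
        "enumerates_connected_drives": {pid: sorted(d) for pid, d in drives.items()},
    }


if __name__ == "__main__":
    for name, hits in run_signatures(SAMPLE_EVENTS).items():
        print(name, hits)
```

The Run-key write in the sample is deliberately left unmatched: it is persistence, not a firewall change, and a separate rule. Note that the drive check fires on a single D:\ or E:\ root read, so on a real host it needs the process context (a freshly dropped executable, or one that also touched the firewall keys) before it means much on its own; the same logic applies to Sysmon Event ID 13 (registry value set) for the registry half, while directory enumeration is not something Sysmon records and needs ETW or a sandbox trace.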
-
MITRE ATT&CK Enterprise v15 (number after each technique is the report's hit count for it)

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1

Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 4
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5