General
  Target: 658752ba9a98b9a176411424d2cd5cbd33088e0c59645015dd2f76284added58N.exe
  Size: 432KB
  Sample: 241204-2emjyszqem
  MD5: 3880845a9a58821707b0354fca94a9c0
  SHA1: 8a42949c4466401dc1a3c6accda078a915dc3892
  SHA256: 658752ba9a98b9a176411424d2cd5cbd33088e0c59645015dd2f76284added58
  SHA512: 1c0bd3d5648807c8e21d5a388d6c003f05a75503a51c6e464612647c5ccdbfadca49f65a277f30389743c3610e1ee2346d79eb7c891f5cfa09c7481d4c65e75d
  SSDEEP: 12288:nlDzNwTWdB4fEBcjMAKfxTDyZ6MnfZm01lNphrVD:nlKTgB+EKKJTDyo0hv1lNpjD
Static task: static1
Behavioral task: behavioral1
  Sample: 658752ba9a98b9a176411424d2cd5cbd33088e0c59645015dd2f76284added58N.exe
  Resource: win7-20240903-en
Malware Config
  Extracted family: sality
  URLs:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif
Targets
  Target: 658752ba9a98b9a176411424d2cd5cbd33088e0c59645015dd2f76284added58N.exe
  Size: 432KB
  Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above.
  Signatures:
    Modifies firewall policy service
    Sality family
    Blocklisted process makes network request
    Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    Loads dropped DLL
    Adds Run key to start application
    Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
    Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (technique hit counts in parentheses)
  Persistence
    Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
    Create or Modify System Process (3): Windows Service (3)
  Privilege Escalation
    Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
    Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
    Create or Modify System Process (3): Windows Service (3)
  Defense Evasion
    Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
    Impair Defenses (5): Disable or Modify System Firewall (1), Disable or Modify Tools (3)
    Modify Registry (6)