General

Target: 486eb3e6d7b2b2e74c22c63c17b908d1aa63204392c771903de6d3888b9685c1N.exe
Size: 1.3MB
Sample: 241205-1nv21stlas
MD5: cd91c825d482580dd2f4a00d76a78690
SHA1: c24649f329f58bd181eb019c58c6a60580817014
SHA256: 486eb3e6d7b2b2e74c22c63c17b908d1aa63204392c771903de6d3888b9685c1
SHA512: b76cd9973ca501d8c5b9855bee1a7604e705965828b09ed0a617f72131674165e0e42dd5d047f373483aa0f310b4b424d064176728355d3cdaa49ddd26ecb900
SSDEEP: 24576:wQJFy0QEUAHAFAA9uhI0QKMKapBBW00SL5V0EBIO:tquhxpt6BBW0/9zSO
Static task: static1
Behavioral task: behavioral1
Sample: 486eb3e6d7b2b2e74c22c63c17b908d1aa63204392c771903de6d3888b9685c1N.exe
Resource: win7-20240903-en
Malware Config

Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets

Target: 486eb3e6d7b2b2e74c22c63c17b908d1aa63204392c771903de6d3888b9685c1N.exe
Signatures:
- Modifies firewall policy service
- Sality family
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15 (technique: count of matching signatures)

Persistence
Create or Modify System Process: 1
Windows Service: 1
Pre-OS Boot: 1
Bootkit: 1

Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1

Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 4
Disable or Modify System Firewall: 1
Disable or Modify Tools: 3
Modify Registry: 5
Pre-OS Boot: 1
Bootkit: 1