General
-
Target
add4cb9a3703276234a7ed01856a3e27eca8d3020af799d4b4f5cf262cee9403N.exe
-
Size
120KB
-
Sample
241215-3lmc7ssnfy
-
MD5
0db980c729bbe020a9cba9b9be55b240
-
SHA1
5234789f30ba143496d358bf8984b77553630679
-
SHA256
add4cb9a3703276234a7ed01856a3e27eca8d3020af799d4b4f5cf262cee9403
-
SHA512
e2d9220ca6bc171d280a3b6f398ee65299451a832e84edf29d48922ed9877d23e7bd7fefa492d4010d83cbd651423cd17491adb8f74d88d7b9fbf1c3cbe2746b
-
SSDEEP
3072:fwksE/5ya0RBpWco/9yGreKRjrg1QFBNWDgYRRL7:fUaytu/9yGeKZg7fT
Static task
static1
Behavioral task
behavioral1
Sample
add4cb9a3703276234a7ed01856a3e27eca8d3020af799d4b4f5cf262cee9403N.dll
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
add4cb9a3703276234a7ed01856a3e27eca8d3020af799d4b4f5cf262cee9403N.exe
-
Size
120KB
-
MD5
0db980c729bbe020a9cba9b9be55b240
-
SHA1
5234789f30ba143496d358bf8984b77553630679
-
SHA256
add4cb9a3703276234a7ed01856a3e27eca8d3020af799d4b4f5cf262cee9403
-
SHA512
e2d9220ca6bc171d280a3b6f398ee65299451a832e84edf29d48922ed9877d23e7bd7fefa492d4010d83cbd651423cd17491adb8f74d88d7b9fbf1c3cbe2746b
-
SSDEEP
3072:fwksE/5ya0RBpWco/9yGreKRjrg1QFBNWDgYRRL7:fUaytu/9yGeKZg7fT
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5