General
Target: fdc0cf40e1bb3321cfb33e694f42972bfbd3d6a5c5e8b145830ca5297a6b4572.exe
Size: 120KB
Sample: 241217-nz7hzaylax
MD5: 674d167bf30a9a11461dfa44a805548c
SHA1: f0b4f281bf7500dbf57073eee98f51290bfffd0f
SHA256: fdc0cf40e1bb3321cfb33e694f42972bfbd3d6a5c5e8b145830ca5297a6b4572
SHA512: 3cb7981abb4214d4102770fc11236b9aab1c00e1bd267c373de908371c30df579bd17545e8157ea5bf090d262b713eeb2692052e56006a94e71549adc59ffccf
SSDEEP: 3072:n9Bbr5vUkIVK4oaTuOz7iPouoQBangsPyO44Ek:njbr5cznay7Ivag6y6
Static task: static1
Behavioral task: behavioral1
Sample: fdc0cf40e1bb3321cfb33e694f42972bfbd3d6a5c5e8b145830ca5297a6b4572.dll
Resource: win7-20241010-en
Malware Config
Extracted: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
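The two things an analyst actually does with the General block and the extracted config are (1) confirm that a local file really is the sample the report describes by recomputing its hashes, and (2) turn the config URLs into host and URL indicators that can be blocked or hunted for. The script below does both; it is an added example, not part of the sandbox report, and since the sample itself is not on the page, the runnable demo hashes a constructed byte string while `hash_file` streams a real file when given a path. SSDEEP is left out because it is not in the Python standard library (the third-party `ssdeep` package would be needed to compare the listed fuzzy hash).

```python
"""Recompute the hashes listed in this report for a local copy of the sample
and pull blockable network indicators out of the extracted Sality config.
Added example; the hash and URL values are copied from the report, the
demo input is a constructed byte string, not the sample."""
import hashlib
from urllib.parse import urlsplit

# Hashes exactly as listed in the report's General block.
REPORT_HASHES = {
    "md5": "674d167bf30a9a11461dfa44a805548c",
    "sha1": "f0b4f281bf7500dbf57073eee98f51290bfffd0f",
    "sha256": "fdc0cf40e1bb3321cfb33e694f42972bfbd3d6a5c5e8b145830ca5297a6b4572",
    "sha512": "3cb7981abb4214d4102770fc11236b9aab1c00e1bd267c373de908371c30df579"
              "bd17545e8157ea5bf090d262b713eeb2692052e56006a94e71549adc59ffccf",
}

# URLs from the extracted Sality config on this page.
CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

ALGOS = ("md5", "sha1", "sha256", "sha512")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of a byte string, hex-encoded, keyed the
    same way as REPORT_HASHES so they can be compared field by field."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same as file_hashes but streams a file from disk in 1 MiB chunks."""
    hs = {n: hashlib.new(n) for n in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {n: h.hexdigest() for n, h in hs.items()}


def compare(computed: dict, report: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: (computed, reported)} for every mismatch.  An empty
    dict means the local file is the sample this report describes."""
    return {n: (computed[n], report[n])
            for n in report if computed[n].lower() != report[n].lower()}


def network_indicators(urls=CONFIG_URLS) -> dict:
    """Split the config URLs into hosts (for a DNS/proxy blocklist) and
    (host, path) pairs (for exact-match proxy or IDS rules)."""
    hosts, pairs = set(), []
    for u in urls:
        parts = urlsplit(u)
        hosts.add(parts.hostname)
        pairs.append((parts.hostname, parts.path))
    return {"hosts": sorted(hosts), "urls": pairs}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        mism = compare(hash_file(sys.argv[1]))
        print("match" if not mism else f"mismatch: {mism}")
    print(network_indicators())
```

Run it with the path of a suspected copy as the only argument; any mismatch is printed per algorithm, which also catches a file that was truncated or re-packed in transit rather than only a wrong file. The indicator split keeps the IP literal (89.119.67.154) alongside the three domains, since a DNS-only block would miss a direct-to-IP fetch of /testo5/.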
Targets
Target: fdc0cf40e1bb3321cfb33e694f42972bfbd3d6a5c5e8b145830ca5297a6b4572.exe
Size: 120KB
Signatures
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (technique: count)
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 4
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5
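The signature list and the ATT&CK table above are what a detection engineer has to reproduce on endpoint telemetry. The script below is an added example (not the sandbox's own rules) that runs simple stateful matching over constructed process-monitor-style events and emits the same signature names, then rolls them up to ATT&CK IDs. The event format, the registry paths used to recognise the firewall-policy and UAC changes, the idea of tracking files the sample wrote so a later execute or image-load of them counts as "dropped", and the signature-to-technique mapping are all assumptions made for the example.

```python
"""Detection logic for the sandbox signatures listed on this page, run over
constructed process-monitor-style events.  Added example: the event schema,
the registry paths and the signature -> ATT&CK mapping are assumptions, not
the sandbox's rules."""
import re
from collections import defaultdict

# Signature name -> ATT&CK Enterprise technique ID.  The IDs are real ATT&CK
# identifiers; which signature the sandbox maps to which ID is assumed.
ATTACK = {
    "Modifies firewall policy service": "T1562.004",
    "Bypass User Account Control": "T1548.002",
    "Windows Service": "T1543.003",
    "Modify Registry": "T1112",
}

# Registry locations assumed to back the firewall-policy and UAC signatures.
FIREWALL_KEY = re.compile(
    r"\\services\\sharedaccess\\parameters\\firewallpolicy\\", re.I)
UAC_VALUE = re.compile(r"\\policies\\system\\enablelua$", re.I)
# A bare drive root other than C:\ (e.g. "D:\"), per the page's signature text.
NON_C_ROOT = re.compile(r"^[A-BD-Z]:\\?$", re.I)


def detect(events):
    """Return {signature: [event indexes]} for a list of event dicts.
    Each event has 'op' and 'path'; reg_write events also carry 'value'."""
    hits = defaultdict(list)
    dropped = set()  # paths the sample wrote; later exec/load of them = "dropped"
    for i, ev in enumerate(events):
        op, path = ev["op"], ev["path"]
        low = path.lower()
        if op == "file_write":
            dropped.add(low)
        elif op == "process_create" and low in dropped:
            hits["Executes dropped EXE"].append(i)
        elif op == "image_load" and low in dropped:
            hits["Loads dropped DLL"].append(i)
        elif op == "reg_write":
            hits["Modify Registry"].append(i)
            if FIREWALL_KEY.search(path):
                hits["Modifies firewall policy service"].append(i)
            if UAC_VALUE.search(path) and str(ev.get("value")) == "0":
                hits["Bypass User Account Control"].append(i)
        elif op == "service_create":
            hits["Windows Service"].append(i)
        elif op in ("dir_query", "file_read") and NON_C_ROOT.match(path):
            hits["Enumerates connected drives"].append(i)
    return dict(hits)


def attack_ids(hits):
    """Sorted, de-duplicated ATT&CK IDs for the signatures that fired."""
    return sorted({ATTACK[s] for s in hits if s in ATTACK})


# Constructed events resembling what a sandbox records for the behaviours
# listed above; not captured from the page's run.
SAMPLE_EVENTS = [
    {"op": "file_write", "path": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"},
    {"op": "process_create", "path": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"},
    {"op": "file_write", "path": r"C:\Windows\Temp\dropped.dll"},
    {"op": "image_load", "path": r"C:\Windows\Temp\dropped.dll"},
    {"op": "reg_write", "value": 0, "path":
        r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
        r"\FirewallPolicy\StandardProfile\EnableFirewall"},
    {"op": "reg_write", "value": 0, "path":
        r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"op": "service_create", "path": r"C:\Windows\Temp\svc.sys"},
    {"op": "dir_query", "path": "C:\\"},   # default drive: must not fire
    {"op": "dir_query", "path": "D:\\"},
    {"op": "file_read", "path": "E:\\"},
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for sig, idx in found.items():
        print(f"{sig}: events {idx}")
    print("ATT&CK:", attack_ids(found))
```

Two points worth noticing when porting this to real telemetry: the "dropped" checks are order-dependent (the write must be seen before the execute or load), so the event stream has to be sorted by time per process tree, and the drive-root rule deliberately ignores C:\ exactly as the page's signature text does, which avoids firing on every process that lists the system drive.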