General
-
Target
45638396c0b3e7b7021189c2f5e15f261cb2e23d086d765b28fdbdc762bc961cN.exe
-
Size
120KB
-
Sample
241217-qbr5gs1kgk
-
MD5
b6ce7c3172fddb028cfddb1e35a9bf00
-
SHA1
f722e052fd534866af0cbf44e8a7f7d5c31c1b25
-
SHA256
45638396c0b3e7b7021189c2f5e15f261cb2e23d086d765b28fdbdc762bc961c
-
SHA512
bf8fa40d84e2c2c86704eac4dc71f7b7181097d744ab339081f1a6a900194903bceffa1f9af80f23d262667e5e29ea94df3412774123367a3cde4a23d5a78089
-
SSDEEP
3072:zdpHLGyQBVcoHoMcv0+dtsyHRd1wnEyXee:fLW2KoMA0+dtLXOnfx
Static task
static1
Behavioral task
behavioral1
Sample
45638396c0b3e7b7021189c2f5e15f261cb2e23d086d765b28fdbdc762bc961cN.dll
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
45638396c0b3e7b7021189c2f5e15f261cb2e23d086d765b28fdbdc762bc961cN.exe
-
Size
120KB
-
MD5
b6ce7c3172fddb028cfddb1e35a9bf00
-
SHA1
f722e052fd534866af0cbf44e8a7f7d5c31c1b25
-
SHA256
45638396c0b3e7b7021189c2f5e15f261cb2e23d086d765b28fdbdc762bc961c
-
SHA512
bf8fa40d84e2c2c86704eac4dc71f7b7181097d744ab339081f1a6a900194903bceffa1f9af80f23d262667e5e29ea94df3412774123367a3cde4a23d5a78089
-
SSDEEP
3072:zdpHLGyQBVcoHoMcv0+dtsyHRd1wnEyXee:fLW2KoMA0+dtLXOnfx
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5