General
- Target: b7c45b559fc72a4b7134a4a308caf366aa990aec43f33a96f1bc1ac42e9e7130N.exe
- Size: 120KB
- Sample: 241217-z1bcpsxrfw
- MD5: 1430f96da6630ed645c10a89e2ad3fa0
- SHA1: 70c1b3e4676f98017fded905121995a1cf7a607d
- SHA256: b7c45b559fc72a4b7134a4a308caf366aa990aec43f33a96f1bc1ac42e9e7130
- SHA512: 7788bea75e68c629a164c3a6b9c060282e7699bb52e8edd906b1357e8c0fc0c702602f5a610a5633d11cfa8c825d4db436ff809dbae52144b577dae09923b5a4
- SSDEEP: 1536:nteWGbTI21kNVKvLOLgtznu/qT5syoj4oygV26nUOVUtsSkqV4PVIDrh:nubE2a7ZUwqT+bEHgVvUaa463
- Static task: static1
- Behavioral task: behavioral1
- Sample: b7c45b559fc72a4b7134a4a308caf366aa990aec43f33a96f1bc1ac42e9e7130N.dll
- Resource: win7-20240903-en
Malware Config
- Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: b7c45b559fc72a4b7134a4a308caf366aa990aec43f33a96f1bc1ac42e9e7130N.exe (120KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)