General
- Target: 270486a14b13b411325508cd1dd8ed7d3efe91e1c54828b63756a1904c3bf719.exe
- Size: 499KB
- Sample: 241218-1ktpsaspbx
- MD5: 513adbaff9834e9531b99707b51849ba
- SHA1: 9480449adcdd288e6b2331284838de464479111b
- SHA256: 270486a14b13b411325508cd1dd8ed7d3efe91e1c54828b63756a1904c3bf719
- SHA512: f073ba08e5272372211899b54aeee9b75a66f92ad441821797c90660aae252bea4c86a351110b2963fe5e80076b49e859594171bafe91346b2a8635d6e714518
- SSDEEP: 6144:P0IEu0/l7rUdoqWMvjcw3sWSAoITM+NPUHFWna2Wb8dzLSAHRI5jq:u79qXvjRc5AoIY+NPUlWna8QD5O
Static task: static1
Behavioral task: behavioral1
- Sample: 270486a14b13b411325508cd1dd8ed7d3efe91e1c54828b63756a1904c3bf719.dll
- Resource: win7-20240708-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: 270486a14b13b411325508cd1dd8ed7d3efe91e1c54828b63756a1904c3bf719.exe
- Modifies firewall policy service
- Ramnit family
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (4): Disable or Modify System Firewall (1), Disable or Modify Tools (3)
- Modify Registry (6)