General
-
Target
152c7b6bbb28d3a6bb82db25c979a325689c83f2f8b5859784566e7cef08e634.exe
-
Size
120KB
-
Sample
241218-2h8llavmbw
-
MD5
23bda8ab0a97da69f454b3fb2ee3c927
-
SHA1
385130ef11cd0689da7ab4ace23c5a45cf9fd76e
-
SHA256
152c7b6bbb28d3a6bb82db25c979a325689c83f2f8b5859784566e7cef08e634
-
SHA512
15e46b5e0d6a2b33a973e215e3bc032a5a4096d4b0a1e4a610937268f984d8f3bd084cfce4856ebe86ec43ba7fb4ebb9ee613a7fb294ffe151190f0145cf4f6d
-
SSDEEP
1536:B3uvRxZMssQJDfxWjM7zmIcxufUv8OTaSCWsmhRFgBP9/st1Aev+bLAawYeih:tuv3hMj8zmffvPTfsmXF0Rstj+Lx9eih
Static task
static1
Behavioral task
behavioral1
Sample
152c7b6bbb28d3a6bb82db25c979a325689c83f2f8b5859784566e7cef08e634.dll
Resource
win7-20240708-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
152c7b6bbb28d3a6bb82db25c979a325689c83f2f8b5859784566e7cef08e634.exe
-
Size
120KB
-
MD5
23bda8ab0a97da69f454b3fb2ee3c927
-
SHA1
385130ef11cd0689da7ab4ace23c5a45cf9fd76e
-
SHA256
152c7b6bbb28d3a6bb82db25c979a325689c83f2f8b5859784566e7cef08e634
-
SHA512
15e46b5e0d6a2b33a973e215e3bc032a5a4096d4b0a1e4a610937268f984d8f3bd084cfce4856ebe86ec43ba7fb4ebb9ee613a7fb294ffe151190f0145cf4f6d
-
SSDEEP
1536:B3uvRxZMssQJDfxWjM7zmIcxufUv8OTaSCWsmhRFgBP9/st1Aev+bLAawYeih:tuv3hMj8zmffvPTfsmXF0Rstj+Lx9eih
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5