General
-
Target
5a3f09556d2e882f297aeeefbc1c9f4a4e134619346d4572e46d8e8209461cc3N.exe
-
Size
120KB
-
Sample
241218-3e3fvawqat
-
MD5
76bf3fcf4a0f2fe419184c256d6b8c00
-
SHA1
177db3dd3dba0107bf2b2c384f001d698c7a1b57
-
SHA256
5a3f09556d2e882f297aeeefbc1c9f4a4e134619346d4572e46d8e8209461cc3
-
SHA512
2372f0f2966975ec11b239b881cf5524294bd38ff77ca6d76a27995620ce66155aeba4d234886bbe9ef68c411dc1be3d00821b182c96084ec0da9b0ecadf80f6
-
SSDEEP
1536:21wWIdV9BfHvEqFjJVylnjFn6apvtq0bckiobDlYLbxP6d6wipHUNdcUiulfQ:26WIdV9BfHcF5jd1nQkiQUFg0mf
Static task
static1
Behavioral task
behavioral1
Sample
5a3f09556d2e882f297aeeefbc1c9f4a4e134619346d4572e46d8e8209461cc3N.dll
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
5a3f09556d2e882f297aeeefbc1c9f4a4e134619346d4572e46d8e8209461cc3N.exe
-
Size
120KB
-
MD5
76bf3fcf4a0f2fe419184c256d6b8c00
-
SHA1
177db3dd3dba0107bf2b2c384f001d698c7a1b57
-
SHA256
5a3f09556d2e882f297aeeefbc1c9f4a4e134619346d4572e46d8e8209461cc3
-
SHA512
2372f0f2966975ec11b239b881cf5524294bd38ff77ca6d76a27995620ce66155aeba4d234886bbe9ef68c411dc1be3d00821b182c96084ec0da9b0ecadf80f6
-
SSDEEP
1536:21wWIdV9BfHvEqFjJVylnjFn6apvtq0bckiobDlYLbxP6d6wipHUNdcUiulfQ:26WIdV9BfHcF5jd1nQkiQUFg0mf
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5