General
- Target: 0fcffe39fa3e4b8f6010666ba24c18ddbd2d565ee4949979e24db3e3dac52b90N.exe
- Size: 120KB
- Sample: 241218-3nmfzsxqdq
- MD5: cfe7a9a27fe96875a2243b167305dc70
- SHA1: 5c88e967bc5ed3e0aef100943c86627784ed798d
- SHA256: 0fcffe39fa3e4b8f6010666ba24c18ddbd2d565ee4949979e24db3e3dac52b90
- SHA512: 4acedfde8fb90553864a02484fbad96bb97823a7fd9ed4b4a6cce4a2925601603d794cf3f8c4705149067429c725ffbf0284dfa9684e5e53567009be81538411
- SSDEEP: 1536:djse0fRGwfJBkSbO8+7OQKwKk+ZzOXdwYh5ts0CQN+Sa3ish189uYc8g:dj8f04JBs8LcKkqKdwkA0CQN+Sax78
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 0fcffe39fa3e4b8f6010666ba24c18ddbd2d565ee4949979e24db3e3dac52b90N.dll
  - Resource: win7-20241010-en
Malware Config
- Extracted: sality
  - http://89.119.67.154/testo5/
  - http://kukutrustnet777.info/home.gif
  - http://kukutrustnet888.info/home.gif
  - http://kukutrustnet987.info/home.gif
Targets
- Target: 0fcffe39fa3e4b8f6010666ba24c18ddbd2d565ee4949979e24db3e3dac52b90N.exe (120KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Signatures:
  - Modifies firewall policy service
  - Sality family
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)