General
-
Target
b9ed28fcb4cb8b40e0b10f627db9add960f129b013bdc55ed77e93d234cfb4cdN.exe
-
Size
194KB
-
Sample
241218-a15h4svmbx
-
MD5
f308e5e05010a58177bc9157a5eff140
-
SHA1
2720b76d2810dcdabde895ba8d583b11c8d2eba1
-
SHA256
b9ed28fcb4cb8b40e0b10f627db9add960f129b013bdc55ed77e93d234cfb4cd
-
SHA512
af4b6bfa2cf5bb09429eb2ef13453796eda8d52728e2c6384cf9e6b0f1a04ab2f0cf344586788a89b8f4f3aca499f74d7a473bc3e0c733471dc93a47a4370398
-
SSDEEP
6144:iNSDyDIkFthpNTeF9sQKprqd9tEOdVv9HZHZ0S8Pie:KSDyTFtjdc9sQapOT9Hf0zPie
Static task
static1
Behavioral task
behavioral1
Sample
b9ed28fcb4cb8b40e0b10f627db9add960f129b013bdc55ed77e93d234cfb4cdN.exe
Resource
win7-20241010-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
http://klkjwre77638dfqwieuoi888.info/
Targets
-
-
Target
b9ed28fcb4cb8b40e0b10f627db9add960f129b013bdc55ed77e93d234cfb4cdN.exe
-
Size
194KB
-
MD5
f308e5e05010a58177bc9157a5eff140
-
SHA1
2720b76d2810dcdabde895ba8d583b11c8d2eba1
-
SHA256
b9ed28fcb4cb8b40e0b10f627db9add960f129b013bdc55ed77e93d234cfb4cd
-
SHA512
af4b6bfa2cf5bb09429eb2ef13453796eda8d52728e2c6384cf9e6b0f1a04ab2f0cf344586788a89b8f4f3aca499f74d7a473bc3e0c733471dc93a47a4370398
-
SSDEEP
6144:iNSDyDIkFthpNTeF9sQKprqd9tEOdVv9HZHZ0S8Pie:KSDyTFtjdc9sQapOT9Hf0zPie
-
Modifies firewall policy service
-
Sality family
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5