General
-
Target
096aa4a879abe779a2fb5b4876e39b741d0b579f0d6b52851f92f9d6048a4c99.exe
-
Size
120KB
-
Sample
241218-a3gj3avmfs
-
MD5
3142c05abb2466d03a2745044c24ab87
-
SHA1
1635996aee86c6bcf18c912dcf7d11a4bec38dd4
-
SHA256
096aa4a879abe779a2fb5b4876e39b741d0b579f0d6b52851f92f9d6048a4c99
-
SHA512
b47e3c362238af6025fe4e2c9ed07c662967b3e2c6289a22261e98d51eec6ff04813531ad85ba784331b82b455b9368a8982c79832b29c1ba730631c8edc4e12
-
SSDEEP
3072:MkUaDkjCbY0yj6jpS7UA4gMUa81JzoQOkhV:MkUaDk90k7UAbMUayhoLkhV
Static task
static1
Behavioral task
behavioral1
Sample
096aa4a879abe779a2fb5b4876e39b741d0b579f0d6b52851f92f9d6048a4c99.dll
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Target
096aa4a879abe779a2fb5b4876e39b741d0b579f0d6b52851f92f9d6048a4c99.exe
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
-
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
-
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)