General

Target: cefc82a274702a2b151c3e1d23d21eafd58ac93c37fc68de784fb34926a71cbfN.exe
Size: 97KB
Sample: 241218-a9w84avqaw
MD5: f5a64358a7996b82fec32f8b5fda7b70
SHA1: 212001670df63d7e27743876e8bceae0a5861add
SHA256: cefc82a274702a2b151c3e1d23d21eafd58ac93c37fc68de784fb34926a71cbf
SHA512: 3a1208cd37fa9c5dad734079429c61c067467d6ec038703d75035a337579499bf4db06784643ae8d46d7f09ace78bc15f70100573249a6facea63842400cfce6
SSDEEP: 1536:koSVM8HWslsZ/Fu9d/lFXFUJ7n5PomhAf:koq/TKlyhLXmTi
Static task: static1
Behavioral task: behavioral1
Sample: cefc82a274702a2b151c3e1d23d21eafd58ac93c37fc68de784fb34926a71cbfN.exe
Resource: win7-20240903-en
Malware Config

Extracted family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets

Target: cefc82a274702a2b151c3e1d23d21eafd58ac93c37fc68de784fb34926a71cbfN.exe
Size: 97KB
MD5: f5a64358a7996b82fec32f8b5fda7b70
SHA1: 212001670df63d7e27743876e8bceae0a5861add
SHA256: cefc82a274702a2b151c3e1d23d21eafd58ac93c37fc68de784fb34926a71cbf
SHA512: 3a1208cd37fa9c5dad734079429c61c067467d6ec038703d75035a337579499bf4db06784643ae8d46d7f09ace78bc15f70100573249a6facea63842400cfce6
SSDEEP: 1536:koSVM8HWslsZ/Fu9d/lFXFUJ7n5PomhAf:koq/TKlyhLXmTi

Signatures:
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
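The two signatures above (drive enumeration and an autorun.inf drop) describe how the sample spreads to attached volumes. The script below is an added example, not part of this Triage report and not the sample's own code: a defender-side check that walks volume roots, parses any autorun.inf found there, resolves the program that Windows would launch from its open=, shellexecute= and shell\verb\command= directives, hashes that file and compares it with a set of known SHA256 values such as the sample hash from this report. The demo volume built by demo_scan() (its autorun.inf and payload bytes) is constructed for illustration; the non-Windows mount bases /media and /mnt are an assumption about where removable volumes appear on the analyst's machine.

```python
"""Added example: check attached volumes for an autorun.inf that launches a
known-bad file.  Not part of the Triage report; demo data is constructed."""
import hashlib
import os
import string
import tempfile

# SHA256 of the sample in this report.
SAMPLE_SHA256 = {"cefc82a274702a2b151c3e1d23d21eafd58ac93c37fc68de784fb34926a71cbf"}

# [autorun] keys whose value is a program Windows would launch.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return launch directives from autorun.inf text as {lower_key: raw_value}.

    Hand-rolled rather than configparser: autorun.inf droppers commonly pad the
    file with junk lines that a strict INI parser rejects, so skip anything
    without '=' instead of failing.
    """
    directives = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            directives[key] = value.strip()
    return directives


def launched_program(value):
    """Program path from a directive value such as 'x.exe /s' or '"a b.exe" arg'."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_root(root, known_sha256):
    """Inspect one volume root.  None if there is no autorun.inf; otherwise a dict
    listing each directive, the program it launches and whether its hash is known."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return None
    with open(inf, "r", encoding="utf-8", errors="replace") as f:
        directives = parse_autorun(f.read())
    targets = []
    for key, value in directives.items():
        prog = launched_program(value).replace("\\", os.sep).lstrip(os.sep)
        path = os.path.join(root, prog)  # autorun paths resolve against the volume root
        entry = {"directive": key, "program": prog, "exists": os.path.isfile(path),
                 "sha256": None, "known": False}
        if entry["exists"]:
            entry["sha256"] = sha256_of(path)
            entry["known"] = entry["sha256"] in known_sha256
        targets.append(entry)
    return {"root": root, "directives": directives, "targets": targets}


def candidate_roots():
    """Roots to check, mirroring what the sample enumerates: on Windows every mounted
    drive letter except the system drive; elsewhere /media and /mnt (assumed bases)."""
    if os.name == "nt":
        system = os.environ.get("SystemDrive", "C:").upper()
        return [f"{c}:\\" for c in string.ascii_uppercase
                if f"{c}:" != system and os.path.exists(f"{c}:\\")]
    roots = []
    for base in ("/media", "/mnt"):
        if os.path.isdir(base):
            roots.extend(e.path for e in os.scandir(base) if e.is_dir())
    return roots


def demo_scan():
    """Build a constructed volume (padded autorun.inf plus a stand-in payload) and scan it."""
    root = tempfile.mkdtemp(prefix="vol_")
    payload = b"MZ demo payload"  # constructed stand-in, not the real sample
    with open(os.path.join(root, "payload.exe"), "wb") as f:
        f.write(payload)
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write("[AutoRun]\nxQ3kfj\nopen=payload.exe /s\n"
                "shell\\open\\command=\"payload.exe\"\n")
    return scan_root(root, {hashlib.sha256(payload).hexdigest()})


if __name__ == "__main__":
    for r in candidate_roots():
        hit = scan_root(r, SAMPLE_SHA256)
        if hit:
            print(r, hit["targets"])
    print(demo_scan())
```

Run it on a host with suspect volumes attached to see which drives carry an autorun.inf and whether the launched file matches the report's SHA256; a directive whose program does not exist on the volume is still worth noting, since the infector may have been cleaned while the autorun.inf was left behind.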
MITRE ATT&CK Enterprise v15 (number of matched signatures per technique in parentheses)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)