General
- Target: c42d1ef850fad9273171894a47cf43a3e9fe5b97f74931b59aa577bdb7bc94c6
- Size: 806KB
- Sample: 241218-ac7zbsvndq
- MD5: d270e440a391f8cc2611e688e183a7f6
- SHA1: 35e2b912f059f9749236d4b66d0ea7b75bdf0c2b
- SHA256: c42d1ef850fad9273171894a47cf43a3e9fe5b97f74931b59aa577bdb7bc94c6
- SHA512: 714ab13a29412bcb10839057b478c7d75bec74ebf267a31c565c60bcc8c3a4955e503571ccac42c3c361c1daaac6b164e125ffb6d0b4f3e4d5eaf2ddebc4c649
- SSDEEP: 12288:qITsqgmDWSpR+GqW1gOSJVSKdet5RVu5ihnYQspCp9qWvX9fRBN4pI:qIXgCWSpRyWdSJVDsVu5unzqWvX194S
Static task: static1
Behavioral task: behavioral1
- Sample: c42d1ef850fad9273171894a47cf43a3e9fe5b97f74931b59aa577bdb7bc94c6.exe
- Resource: win7-20240903-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: c42d1ef850fad9273171894a47cf43a3e9fe5b97f74931b59aa577bdb7bc94c6
- Size: 806KB
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)