General
-
Target
dc2d66befd076a5ee3f7749bde46b4194d36b1d5cfbaa67e2aee30c57277cb83
-
Size
806KB
-
Sample
241218-ae3gmavpcm
-
MD5
0d4e858ca6ceef5d23c89fdcd1d54463
-
SHA1
68a99e1e6dacf4cd8128066e69f9be34ca4064fb
-
SHA256
dc2d66befd076a5ee3f7749bde46b4194d36b1d5cfbaa67e2aee30c57277cb83
-
SHA512
004c5f350054e87ce0a746147e4aa0077ff9debc147ec6f7ac3d1cea5e65ae3ad0125b11f15daadbb6cad6944befbb2aa6104ecb5186ff7fffafe227eb913af9
-
SSDEEP
12288:UITsqgmDWSpR+Gq51gOSJVSKdet5RVu5ihnYQspCp9qWvX9fRBopvkf:UIXgCWSpRy5dSJVDsVu5unzqWvX14pcf
Static task
static1
Behavioral task
behavioral1
Sample
dc2d66befd076a5ee3f7749bde46b4194d36b1d5cfbaa67e2aee30c57277cb83.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
dc2d66befd076a5ee3f7749bde46b4194d36b1d5cfbaa67e2aee30c57277cb83
-
Size
806KB
-
MD5
0d4e858ca6ceef5d23c89fdcd1d54463
-
SHA1
68a99e1e6dacf4cd8128066e69f9be34ca4064fb
-
SHA256
dc2d66befd076a5ee3f7749bde46b4194d36b1d5cfbaa67e2aee30c57277cb83
-
SHA512
004c5f350054e87ce0a746147e4aa0077ff9debc147ec6f7ac3d1cea5e65ae3ad0125b11f15daadbb6cad6944befbb2aa6104ecb5186ff7fffafe227eb913af9
-
SSDEEP
12288:UITsqgmDWSpR+Gq51gOSJVSKdet5RVu5ihnYQspCp9qWvX9fRBopvkf:UIXgCWSpRy5dSJVDsVu5unzqWvX14pcf
-
Modifies firewall policy service
-
Sality family
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5