General
- Target: a338a47e555ce3b6df0223777d4a7c9886dabb83dbb31a2d70b2618d63e9110d.exe
- Size: 120KB
- Sample: 241218-aqvwxstrgx
- MD5: c850d056cc0d91ca955cdf7ccca4ac59
- SHA1: 705496d93152c25d6f4b0ddaa07fd1048e924ffa
- SHA256: a338a47e555ce3b6df0223777d4a7c9886dabb83dbb31a2d70b2618d63e9110d
- SHA512: 3fe54507833c2b3d3f2791cf7d15d14811caf576d4e7df0cec13d238b19a439d1ad2d56ea3c4049389b02c7069379d13df98c2fba641f7265e8e731dd37a1612
- SSDEEP: 3072:1VaQc7YLD0OHwM2mq349baISXXaRT+5oWjB:s4AOHwMW34ZI+YoW1
Static task: static1
Behavioral task: behavioral1
- Sample: a338a47e555ce3b6df0223777d4a7c9886dabb83dbb31a2d70b2618d63e9110d.dll
- Resource: win7-20240903-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: a338a47e555ce3b6df0223777d4a7c9886dabb83dbb31a2d70b2618d63e9110d.exe
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (4): Disable or Modify System Firewall (1), Disable or Modify Tools (3)
- Modify Registry (5)