General

Target: c96e84c57bbe2993fccef83cac472d5bad0b19ca4c73ab7b581346a54b4c5dafN.exe
Size: 120KB
Sample: 241218-ckwblsxrcw
MD5: aad77b942a97206464e1a9c279889b30
SHA1: 3d9d3171a77a351adc4ba71b349a0a65be4757b1
SHA256: c96e84c57bbe2993fccef83cac472d5bad0b19ca4c73ab7b581346a54b4c5daf
SHA512: 4e520b60f255905c734e2159493d7d6f4148d697a4bb8c7d0cff8d269925f028e87e492c91dc2bc05d4e59853103f984e5fc434470e048821125d2cddf684092
SSDEEP: 3072:shTeRa1aq0mP4Laf1I3pXrzYjYE3wr1JIy:shTqOavfZbcTk1JI
Static task: static1

Behavioral task: behavioral1
  Sample: c96e84c57bbe2993fccef83cac472d5bad0b19ca4c73ab7b581346a54b4c5dafN.dll
  Resource: win7-20240729-en
Malware Config

Extracted family: sality
C2 URLs:
  http://89.119.67.154/testo5/
  http://kukutrustnet777.info/home.gif
  http://kukutrustnet888.info/home.gif
  http://kukutrustnet987.info/home.gif
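Two things a responder wants to do with the data above before acting on it: confirm that the file in hand is the one the sandbox actually ran (the digests), and look for the extracted C2 hosts in proxy and DNS logs. The following is an added example, not code from the report or from the sandbox vendor. The digests and URLs are copied from this page; the log lines and their whitespace-separated format are constructed for the demo, and SSDEEP is left out because it needs a non-stdlib library.

```python
"""Verify a local file against the report's digests and scan log lines for
the extracted Sality C2 indicators.

Added example, not code from the report or the sandbox vendor. Digests and
URLs are copied from the report; the log lines are constructed.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Digests reported for the analysed sample (SSDEEP omitted: needs a third-party module).
REPORTED = {
    "md5": "aad77b942a97206464e1a9c279889b30",
    "sha1": "3d9d3171a77a351adc4ba71b349a0a65be4757b1",
    "sha256": "c96e84c57bbe2993fccef83cac472d5bad0b19ca4c73ab7b581346a54b4c5daf",
    "sha512": "4e520b60f255905c734e2159493d7d6f4148d697a4bb8c7d0cff8d269925f028"
              "e87e492c91dc2bc05d4e59853103f984e5fc434470e048821125d2cddf684092",
}

# C2 URLs from the extracted config.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

def digests_of_file(path, chunk=1 << 20):
    """Hash a file in one pass, reading in chunks so large samples never sit in memory whole."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def digests_of_bytes(data):
    """Same as digests_of_file for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}

def mismatches(got, expected=REPORTED):
    """{algorithm: (computed, expected)} for every digest that differs; {} means it is the reported file."""
    return {a: (got[a], e.lower()) for a, e in expected.items() if got[a] != e.lower()}

def host_indicators(urls=C2_URLS):
    """Hostnames/IPs from the C2 URLs; these survive path changes better than full URLs."""
    return {urlsplit(u).hostname.lower() for u in urls}

TOKEN = re.compile(r"[A-Za-z0-9.\-]+")

def scan_logs(lines, urls=C2_URLS):
    """Return [(line number, [matched indicators])] for lines naming a C2 host or a subdomain of one."""
    hosts = host_indicators(urls)
    hits = []
    for n, line in enumerate(lines, 1):
        tokens = {t.lower().strip(".") for t in TOKEN.findall(line)}
        matched = sorted(h for h in hosts
                         if h in tokens or any(t.endswith("." + h) for t in tokens))
        if matched:
            hits.append((n, matched))
    return hits

# Constructed proxy/DNS log lines (not taken from the report).
SAMPLE_LOGS = [
    "1734500000.123 WS01 GET http://kukutrustnet777.info/home.gif 200",
    "1734500001.456 WS01 GET http://www.example.com/ 200",
    "1734500002.789 WS02 CONNECT 89.119.67.154:80 -",
    "1734500003.001 WS03 DNS query www.kukutrustnet987.info A",
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        bad = mismatches(digests_of_file(sys.argv[1]))
        print("hashes match the report" if not bad else f"mismatch: {bad}")
    for n, matched in scan_logs(SAMPLE_LOGS):
        print(f"line {n}: {matched}")
```

Matching on the host rather than the full URL is deliberate: the `/home.gif` path is easy for the operator to rotate, the domains and the hard-coded IP less so. The suffix check catches `www.` and other subdomain variants; exact-token matching alone would miss them.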
Targets

Target: c96e84c57bbe2993fccef83cac472d5bad0b19ca4c73ab7b581346a54b4c5dafN.exe
Size: 120KB
Signatures:
  - Modifies firewall policy service
  - Sality family
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Privilege Escalation
  Abuse Elevation Control Mechanism, T1548 (1)
    Bypass User Account Control, T1548.002 (1)
  Create or Modify System Process, T1543 (1)
    Windows Service, T1543.003 (1)

Defense Evasion
  Abuse Elevation Control Mechanism, T1548 (1)
    Bypass User Account Control, T1548.002 (1)
  Impair Defenses, T1562 (4)
    Disable or Modify System Firewall, T1562.004 (1)
    Disable or Modify Tools, T1562.001 (3)
  Modify Registry, T1112 (5)
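The report tags the firewall and UAC behaviours but does not list the registry writes behind them, so an analyst turning these tags into a hunt has to supply the locations. Below is an added example, not code from the report or the sandbox vendor, that checks constructed Sysmon-style registry "value set" records (Event ID 13) against the keys Windows itself stores those settings in: the per-profile `EnableFirewall` values under `Services\SharedAccess\Parameters\FirewallPolicy` and `EnableLUA` under `Policies\System`. That mapping from the report's tags to these keys is my assumption, not something the page states; the record format is also constructed (real Sysmon is EVTX/XML).

```python
"""Registry-write detection for the firewall and UAC behaviours this report tags.

Added example, not code from the report or the sandbox vendor. The registry
locations are Windows' own for these settings; that they are what the
report's tags refer to is an assumption. Records are constructed.
"""
import re

# Windows Firewall per-profile policy (Windows 7 layout); EnableFirewall=0 switches the profile off.
FIREWALL_PROFILE = re.compile(
    r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\"
    r"(DomainProfile|StandardProfile|PublicProfile)\\EnableFirewall$",
    re.IGNORECASE,
)
# UAC master switch; EnableLUA=0 disables UAC at the next logon.
UAC_ENABLELUA = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$",
    re.IGNORECASE,
)

# (rule name, ATT&CK technique, value-name pattern, Sysmon "Details" text meaning "off")
RULES = [
    ("firewall_profile_disabled", "T1562.004", FIREWALL_PROFILE, "DWORD (0x00000000)"),
    ("uac_disabled", "T1548.002", UAC_ENABLELUA, "DWORD (0x00000000)"),
]

FIELD = re.compile(r'(\w+)="([^"]*)"')

def parse_record(line):
    """Parse one constructed key="value" record into a dict."""
    return {k: v for k, v in FIELD.findall(line)}

def evaluate(line):
    """Return a hit dict when the record is a disabling write, else None."""
    rec = parse_record(line)
    if rec.get("EventID") != "13":          # only SetValue events carry Details
        return None
    target, details = rec.get("TargetObject", ""), rec.get("Details", "")
    for name, technique, pattern, off_value in RULES:
        if pattern.search(target) and details == off_value:
            return {"rule": name, "technique": technique,
                    "image": rec.get("Image", ""), "target": target}
    return None

def detect(lines):
    """Run every rule over every record; hits come back in log order."""
    return [h for h in map(evaluate, lines) if h]

# Constructed records for the demo (not taken from the report).
SAMPLE_RECORDS = [
    'EventID="13" Image="C:\\Users\\victim\\sample.exe" '
    'TargetObject="HKLM\\System\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall" '
    'Details="DWORD (0x00000000)"',
    'EventID="13" Image="C:\\Windows\\System32\\svchost.exe" '
    'TargetObject="HKLM\\System\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall" '
    'Details="DWORD (0x00000001)"',
    'EventID="13" Image="C:\\Users\\victim\\sample.exe" '
    'TargetObject="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA" '
    'Details="DWORD (0x00000000)"',
    'EventID="12" Image="C:\\Users\\victim\\sample.exe" '
    'TargetObject="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA"',
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_RECORDS):
        print(hit)
```

An administrator running `netsh advfirewall set allprofiles state off` writes the same `EnableFirewall` value, so the write alone is not an alert; the `image` field in each hit is what lets you separate a user-profile executable from the management tooling you expect, and the T1112 count of 5 in the table above says there are further registry writes this example does not cover.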