General
- Target: 077ed9b416ad383271e5e38b46cae99ddc6dca23d6cc51163c06fcc0bd31f988N.exe
- Size: 120KB
- Sample: 241218-cn8q4sykbt
- MD5: 539a90ac997ee83e61a1ccf5b72e54b0
- SHA1: 59e35fa9d8f71b432c2c0b1eb0d1af86481b0c58
- SHA256: 077ed9b416ad383271e5e38b46cae99ddc6dca23d6cc51163c06fcc0bd31f988
- SHA512: 8308279528daada00104cd6c976e2490598e3892c3a3c3a8ba9546f35630308f57565c6483e1fbdffb972e98190bcd9289afb9b5dfeb14df07b9e312cde28551
- SSDEEP: 3072:2vpALNdy5WfswwJqeE0V9Fc0K1cDXW4CbOiq:8pONkUsjzxnKaXW4OOn
Static task: static1
Behavioral task: behavioral1
- Sample: 077ed9b416ad383271e5e38b46cae99ddc6dca23d6cc51163c06fcc0bd31f988N.dll
- Resource: win7-20240903-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 077ed9b416ad383271e5e38b46cae99ddc6dca23d6cc51163c06fcc0bd31f988N.exe
- Size: 120KB
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Create or Modify System Process (1)
    - Windows Service (1)
- Defense Evasion
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Impair Defenses (4)
    - Disable or Modify System Firewall (1)
    - Disable or Modify Tools (3)
  - Modify Registry (5)