General
-
Target
38ac5957d6cb315909e259bd896e1bb17a4a5c0d4d28a7c83034c0ee344a8340.exe
-
Size
120KB
-
Sample
241218-czgf1ayngs
-
MD5
e332db6d96fe722b502f23b8a9f02e33
-
SHA1
2dbe856c7f26b9e71b4051fe82948d2faf4d4dd2
-
SHA256
38ac5957d6cb315909e259bd896e1bb17a4a5c0d4d28a7c83034c0ee344a8340
-
SHA512
146280a1d2d84428f0c9b664e5803d56bb55340fb7078a665368abc39c8926d98a55511302e7b4a012a422ca9abfb21981bc6062e5f581b4992e9094f3662ba8
-
SSDEEP
3072:RLuyL6Jn12tJB3ZaAs0R6Rc+1WDT0C/3l0Huj6Av7B:RLuG6JeBpO0RJTF/10Hu+MB
Static task
static1
Behavioral task
behavioral1
Sample
38ac5957d6cb315909e259bd896e1bb17a4a5c0d4d28a7c83034c0ee344a8340.dll
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
38ac5957d6cb315909e259bd896e1bb17a4a5c0d4d28a7c83034c0ee344a8340.exe
-
Size
120KB
-
MD5
e332db6d96fe722b502f23b8a9f02e33
-
SHA1
2dbe856c7f26b9e71b4051fe82948d2faf4d4dd2
-
SHA256
38ac5957d6cb315909e259bd896e1bb17a4a5c0d4d28a7c83034c0ee344a8340
-
SHA512
146280a1d2d84428f0c9b664e5803d56bb55340fb7078a665368abc39c8926d98a55511302e7b4a012a422ca9abfb21981bc6062e5f581b4992e9094f3662ba8
-
SSDEEP
3072:RLuyL6Jn12tJB3ZaAs0R6Rc+1WDT0C/3l0Huj6Av7B:RLuG6JeBpO0RJTF/10Hu+MB
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5