General
Target: fdf0e5b020cd294e97e5c983c84c742428cc1071684d23e6a6e8c9d0c66e4b28N.exe
Size: 120KB
Sample: 241218-fqht9atray
MD5: c59671ec62f385ed57472752b4544a00
SHA1: 5a3222912561c89bbb05c99ab0260babeab96c9d
SHA256: fdf0e5b020cd294e97e5c983c84c742428cc1071684d23e6a6e8c9d0c66e4b28
SHA512: c94faa92d8194e6b0cd44e0eb89803e6a07c50dc2cafc4aaae6db67de540a819d5957a807d366ac98aba3bfc0406b6eb8ba39c8e4ffd3033ccc74991f3fe76db
SSDEEP: 3072:1VaQc7YLD0OHwM2mq349baISXXaRT+5oWj:s4AOHwMW34ZI+YoW
Static task: static1
Behavioral task: behavioral1
Sample: fdf0e5b020cd294e97e5c983c84c742428cc1071684d23e6a6e8c9d0c66e4b28N.dll
Resource: win7-20240903-en
Malware Config
Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: fdf0e5b020cd294e97e5c983c84c742428cc1071684d23e6a6e8c9d0c66e4b28N.exe
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (4)
Disable or Modify System Firewall (1)
Disable or Modify Tools (3)
Modify Registry (5)