General

Target: 5a2ac0aab2a04fabb05cac08e0d5383f4b17e4e1a1941093903f1b0e2ba71623N.exe
Size: 65KB
Sample: 241219-1ltq6s1mbq
MD5: 935d1bc559da9f2e24da5b1d5e7490e0
SHA1: 0d417fd4bf7bdf9491b552bba4161e753fb92d8f
SHA256: 5a2ac0aab2a04fabb05cac08e0d5383f4b17e4e1a1941093903f1b0e2ba71623
SHA512: 8ed1c3b67c4029a58e2131bd8c44edb9f42390a580eed982b67368728780b3ce4e5cc8783e9258e4c2fd53d457476b5f89ee6c5370d6df4dd897dc0b5716c40c
SSDEEP: 1536:8JmTzmCfzXpcnzSTHL8cHowPL9KrPGaK7oOHipWmnVt:amTiCtceTr8RwYVKUOvw
Static task: static1
Behavioral task: behavioral1
Sample: 5a2ac0aab2a04fabb05cac08e0d5383f4b17e4e1a1941093903f1b0e2ba71623N.exe
Resource: win7-20241010-en
Malware Config (extracted)

Family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets

Target: 5a2ac0aab2a04fabb05cac08e0d5383f4b17e4e1a1941093903f1b0e2ba71623N.exe (65KB; hashes identical to those listed under General)
Signatures:
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15

Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)

Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)