General
-
Target
88a7c03d4d95f19c549000d46e351c0414b20bf7a41c37e4d507565f6b025a75N.exe
-
Size
120KB
-
Sample
241219-269hsstjdp
-
MD5
b0657cfb9b30c690c58ccd4fc0d7adf0
-
SHA1
1eb16eb6efff097eda62f2347d7eacf3a06ea405
-
SHA256
88a7c03d4d95f19c549000d46e351c0414b20bf7a41c37e4d507565f6b025a75
-
SHA512
181e14abd8129bd6a6ffa2b38e4fd82cd88d7aa98c264be8e1d404b1d0ee581a6677920b5f0612863e4b57168ae4961bdcdbd0415f4d801f784af10abd31775b
-
SSDEEP
1536:zO881tjPJOECLx8+NUZaX3VRzazIWi4ClCOsnvWb8goVxkzhBbGjIWvBXJmXo:zO8Y5hgScbl1Cu8go4dJqIUUY
Static task
static1
Behavioral task
behavioral1
Sample
88a7c03d4d95f19c549000d46e351c0414b20bf7a41c37e4d507565f6b025a75N.dll
Resource
win7-20241010-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
88a7c03d4d95f19c549000d46e351c0414b20bf7a41c37e4d507565f6b025a75N.exe
-
Size
120KB
-
MD5
b0657cfb9b30c690c58ccd4fc0d7adf0
-
SHA1
1eb16eb6efff097eda62f2347d7eacf3a06ea405
-
SHA256
88a7c03d4d95f19c549000d46e351c0414b20bf7a41c37e4d507565f6b025a75
-
SHA512
181e14abd8129bd6a6ffa2b38e4fd82cd88d7aa98c264be8e1d404b1d0ee581a6677920b5f0612863e4b57168ae4961bdcdbd0415f4d801f784af10abd31775b
-
SSDEEP
1536:zO881tjPJOECLx8+NUZaX3VRzazIWi4ClCOsnvWb8goVxkzhBbGjIWvBXJmXo:zO8Y5hgScbl1Cu8go4dJqIUUY
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5