General
Target: 4ed03216d3e11f28c2e00dfcb27e266b2cf8ffc6d561341adc53536996bc73ddN.exe
Size: 65KB
Sample: 241219-3aqw9atkcn
MD5: 8b32a611306161ae26725542b5e9faa0
SHA1: f6b5ee28057c9d6d35acaefa6fa0b9a0aa732ddc
SHA256: 4ed03216d3e11f28c2e00dfcb27e266b2cf8ffc6d561341adc53536996bc73dd
SHA512: 4ae52975008f1022a814be81102c7ef36b98f91259fea522eacc8595535b6dc54cbadffa1ba17be8faa3a93777edb2ef954d465ae37820dc1efbcf2ce7785628
SSDEEP: 1536:Bh5nhS/P1ghHilyhb2twcc4SOwMbBD4f/lN4nXSz3uS44q1pi/:BhjS/PgiVtBdrJUwiz3B
Static task: static1
Behavioral task: behavioral1
  Sample: 4ed03216d3e11f28c2e00dfcb27e266b2cf8ffc6d561341adc53536996bc73ddN.exe
  Resource: win7-20240903-en
Malware Config
Extracted family: sality
Extracted URLs:
  http://89.119.67.154/testo5/
  http://kukutrustnet777.info/home.gif
  http://kukutrustnet888.info/home.gif
  http://kukutrustnet987.info/home.gif
Targets
Target: 4ed03216d3e11f28c2e00dfcb27e266b2cf8ffc6d561341adc53536996bc73ddN.exe
Signatures
Modifies firewall policy service
Sality family
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)