General
Target: 498888b0ce809905ff50e4a417694564df6dac972749f9783856845776424bf0N.exe
Size: 120KB
Sample: 241219-ambc4syrck
MD5: bffe1a75b8db962292cddd50ecaacd20
SHA1: 2c6a15835e2ae91e5a40ecbcba910080fc07ca8e
SHA256: 498888b0ce809905ff50e4a417694564df6dac972749f9783856845776424bf0
SHA512: 423d547c19c0179183323ee1676504a9934fde367e99bcfeb7b4d2e233ed466b27e9d1a6fbb0017fa9b5ea0d03c1163e42c8409f3e2eede8f12e1a6095493653
SSDEEP: 1536:oFQvcUbfQdtPOZd2T2WiH0Ab8d4O2240r9L0E9926Or/ttsXQGaSqQHn141Sbb6S:oFiv0iZdoU0Ab8dH2Or0r/6cQ14AboO
Static task: static1
Behavioral task: behavioral1
Sample: 498888b0ce809905ff50e4a417694564df6dac972749f9783856845776424bf0N.dll
Resource: win7-20240903-en
Malware Config
Extracted family: sality
C2 URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: 498888b0ce809905ff50e4a417694564df6dac972749f9783856845776424bf0N.exe
Size: 120KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed in the General section above
Signatures
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)