General
Target: f95bef472a4a27173950a59fbadfe3caf2afcbd27d52afa9503e415a1fb62c75.exe
Size: 309KB
Sample: 241219-arydfaymax
MD5: f52e000589991b8a11914d597abb6969
SHA1: 0a6434db4292e030fa0497b0e790a49760a99639
SHA256: f95bef472a4a27173950a59fbadfe3caf2afcbd27d52afa9503e415a1fb62c75
SHA512: f81f88e297d4d42b5059900b1712654bf7b300b9cb251edd69ec4e523b6c8c910ad28ca3a70698c6cff97536f1c6aa78d255b0a913695b312fa18050fb278f9a
SSDEEP: 6144:l/YWZdWgUY3wyzuRpw9IngBg4tNQp30m3s:l/YiWgNPJBgQNQp30t
Static task: static1
Behavioral task: behavioral1
Sample: f95bef472a4a27173950a59fbadfe3caf2afcbd27d52afa9503e415a1fb62c75.exe
Resource: win7-20240903-en
Malware Config
Extracted: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: f95bef472a4a27173950a59fbadfe3caf2afcbd27d52afa9503e415a1fb62c75.exe
Size: 309KB
- Modifies firewall policy service
- Sality family
- Deletes itself
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Create or Modify System Process: 1
- Windows Service: 1
Defense Evasion
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Impair Defenses: 4
- Disable or Modify System Firewall: 1
- Disable or Modify Tools: 3
- Modify Registry: 6
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Unsecured Credentials: 1
- Credentials In Files: 1