General
-
Target
e3357d672bab6e2144b648cc15411367cd358434ff91e041db44574c2e2e1176N.exe
-
Size
120KB
-
Sample
241219-b6p62sslhl
-
MD5
73ad0841dd0db6ea73e497546a0d0b60
-
SHA1
91def1fea04afc574f2382d7484198e6fc48ce15
-
SHA256
e3357d672bab6e2144b648cc15411367cd358434ff91e041db44574c2e2e1176
-
SHA512
2e45e8ae08a32d86fc2982da96cef7efe8ee6dc0ea4573129e7d24dae3a7efc7d6c23f1b8a1a35c4f84109830c15275f099089f804214af913ea971737901407
-
SSDEEP
3072:WytBSCdTmIdXhhf9LcwmVVHrpG6/a4ZI:DyCZmInV9LcD746t
Static task
static1
Behavioral task
behavioral1
Sample
e3357d672bab6e2144b648cc15411367cd358434ff91e041db44574c2e2e1176N.dll
Resource
win7-20241010-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
e3357d672bab6e2144b648cc15411367cd358434ff91e041db44574c2e2e1176N.exe
-
Size
120KB
-
MD5
73ad0841dd0db6ea73e497546a0d0b60
-
SHA1
91def1fea04afc574f2382d7484198e6fc48ce15
-
SHA256
e3357d672bab6e2144b648cc15411367cd358434ff91e041db44574c2e2e1176
-
SHA512
2e45e8ae08a32d86fc2982da96cef7efe8ee6dc0ea4573129e7d24dae3a7efc7d6c23f1b8a1a35c4f84109830c15275f099089f804214af913ea971737901407
-
SSDEEP
3072:WytBSCdTmIdXhhf9LcwmVVHrpG6/a4ZI:DyCZmInV9LcD746t
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5