General
-
Target
532867ce7cef0ee357fb5b58c45821745215db96c2eff8346977597c65ec5505.exe
-
Size
120KB
-
Sample
241219-basmaszkdt
-
MD5
d63cc28193e3f9d79d8b8628df7121f7
-
SHA1
5a12cb347c270f92038cfcf35ec9fb6b99f45a99
-
SHA256
532867ce7cef0ee357fb5b58c45821745215db96c2eff8346977597c65ec5505
-
SHA512
4025af0ce7e40490109170b0853c39726dcf86f616ba34c7426c32695e1f4c410bf1891070a6f2af7b8769a0237be43f2ac1eb790cd0a2538b7559745feb3068
-
SSDEEP
1536:oFQvcUbfQdtPOZd2T2WiH0Ab8d4O2240r9L0E9926Or/ttsXQGaSqQHn141Sbb6f:oFiv0iZdoU0Ab8dH2Or0r/6cQ14AboOM
Static task
static1
Behavioral task
behavioral1
Sample
532867ce7cef0ee357fb5b58c45821745215db96c2eff8346977597c65ec5505.dll
Resource
win7-20240729-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
532867ce7cef0ee357fb5b58c45821745215db96c2eff8346977597c65ec5505.exe
-
Size
120KB
-
MD5
d63cc28193e3f9d79d8b8628df7121f7
-
SHA1
5a12cb347c270f92038cfcf35ec9fb6b99f45a99
-
SHA256
532867ce7cef0ee357fb5b58c45821745215db96c2eff8346977597c65ec5505
-
SHA512
4025af0ce7e40490109170b0853c39726dcf86f616ba34c7426c32695e1f4c410bf1891070a6f2af7b8769a0237be43f2ac1eb790cd0a2538b7559745feb3068
-
SSDEEP
1536:oFQvcUbfQdtPOZd2T2WiH0Ab8d4O2240r9L0E9926Or/ttsXQGaSqQHn141Sbb6f:oFiv0iZdoU0Ab8dH2Or0r/6cQ14AboOM
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5