General

Target: e1ae57def73acba849e81883ae6318b719dbb9978955e96a0a9bb358345b4835.exe
Size: 120KB
Sample: 241219-cfvjhssqdm
MD5: 3dedfa011022c921044f530c79b9cfb3
SHA1: a426890385319428629c1a7af9e48a87b4fc1196
SHA256: e1ae57def73acba849e81883ae6318b719dbb9978955e96a0a9bb358345b4835
SHA512: ed5f27aad33db2cf59d82cbcc646281e8d649cf542f455f1a2eff97a29dac85e6b494bec30950ed383d0e160ba7b6e1b24f3d9d76ce95c47a03286b15e23b9fa
SSDEEP: 3072:EREA/Q5HNSdi96k3M9vPVoUv9M4JvVbZ7:u/CDsvFG/6b
Static task: static1
Behavioral task: behavioral1
Sample: e1ae57def73acba849e81883ae6318b719dbb9978955e96a0a9bb358345b4835.dll
Resource: win7-20241010-en
Malware Config

Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets

Target: e1ae57def73acba849e81883ae6318b719dbb9978955e96a0a9bb358345b4835.exe
Signatures
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)