General
- Target: 5cd22ad0259be78ec052d35a4330ef634aa270809fa8de0875389d4522ba996b.exe
- Size: 97KB
- Sample: 241219-eefebawpcx
- MD5: fbb68a13717858f8146b1a29017aaa43
- SHA1: 95331185bc7a09bfe406eee15476304d6741a45a
- SHA256: 5cd22ad0259be78ec052d35a4330ef634aa270809fa8de0875389d4522ba996b
- SHA512: 73d79777887f659d13fcdba0f0b09bca3b91a8435e028722e4bf888397bbcde2172d32aa14e669325859664f1b2cacf44e36d63f523868a5a69eb58f4b2a8321
- SSDEEP: 1536:iPS7NAHm2WBI3wI19x+NYbY2NJueWdEfZJrINFQPaPkkLWRiMt:iPS7mwI1L+NB2NoeWdETMFQNU1Mt
Static task: static1
Behavioral task: behavioral1
- Sample: 5cd22ad0259be78ec052d35a4330ef634aa270809fa8de0875389d4522ba996b.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- Family: sality
- URLs:
  http://89.119.67.154/testo5/
  http://kukutrustnet777.info/home.gif
  http://kukutrustnet888.info/home.gif
  http://kukutrustnet987.info/home.gif
Targets
- Target: 5cd22ad0259be78ec052d35a4330ef634aa270809fa8de0875389d4522ba996b.exe
- Size: 97KB
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (4): Disable or Modify System Firewall (1), Disable or Modify Tools (3)
- Modify Registry (5)