General
-
Target
626e983563d5ae23d9efead5a63b89a6d55ad8c3a6a2342d86c5b94fbd3d6454N.exe
-
Size
240KB
-
Sample
241219-fyqvts1khr
-
MD5
89ebceea688bbee190812f8c33dd5910
-
SHA1
1301a28798ab31fd0fb9d62e96b0ba08d0b59316
-
SHA256
626e983563d5ae23d9efead5a63b89a6d55ad8c3a6a2342d86c5b94fbd3d6454
-
SHA512
c5051e64c921afe6bc9af4c5af84ad048490201260d739c58f2dd904ede24f19937e0a468d514c3516e387fbaa4a39ed0f865c04e975ac4fda8bb63bbd4da475
-
SSDEEP
1536:+MJSA0wu18fL22ATdhuJyFXlyC1doZVNcEvkUbPcuwNuXW4ys/Fd+FSbawIInAsB:+MJZ0XiujuJZKmaGYYXW4ymo47DhdP
Static task
static1
Behavioral task
behavioral1
Sample
626e983563d5ae23d9efead5a63b89a6d55ad8c3a6a2342d86c5b94fbd3d6454N.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
626e983563d5ae23d9efead5a63b89a6d55ad8c3a6a2342d86c5b94fbd3d6454N.exe
-
Size
240KB
-
MD5
89ebceea688bbee190812f8c33dd5910
-
SHA1
1301a28798ab31fd0fb9d62e96b0ba08d0b59316
-
SHA256
626e983563d5ae23d9efead5a63b89a6d55ad8c3a6a2342d86c5b94fbd3d6454
-
SHA512
c5051e64c921afe6bc9af4c5af84ad048490201260d739c58f2dd904ede24f19937e0a468d514c3516e387fbaa4a39ed0f865c04e975ac4fda8bb63bbd4da475
-
SSDEEP
1536:+MJSA0wu18fL22ATdhuJyFXlyC1doZVNcEvkUbPcuwNuXW4ys/Fd+FSbawIInAsB:+MJZ0XiujuJZKmaGYYXW4ymo47DhdP
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Sality family
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
7