Analysis
max time kernel: 117s
max time network: 117s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 19-12-2024 06:26
Static task: static1
Behavioral task: behavioral1
Sample: cf9b3a04096f7d06ab7ce21ce05ae43a33afe45f9d7c9a3ad6b7c80eae603cad.exe
Resource: win7-20240903-en
General
Target: cf9b3a04096f7d06ab7ce21ce05ae43a33afe45f9d7c9a3ad6b7c80eae603cad.exe
Size: 655KB
MD5: 9abc05fbb9ad054f9c44d349fb61307d
SHA1: 280926fe7a685d4cd3c752feb0a3284b4f2b6e74
SHA256: cf9b3a04096f7d06ab7ce21ce05ae43a33afe45f9d7c9a3ad6b7c80eae603cad
SHA512: 8caff24b566437d21f3fe1ce544d2894bdbd2754177049ffcd7e77e140137008c998a6286dd77f7aca455eb6061c7b790383ea6b299e01e724fcc7bdae535e28
SSDEEP: 12288:hGdfJDRM8SmKrBh69VpmSi6AxOzaO9TsnD98A7xH5zbgbWlIzkJZ:gdhDRYmKi9XiZYzZ9TSD9J7xH5zsbWlL
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Signatures
Sality family
resource: behavioral1/memory/2212-3-0x0000000001DF0000-0x0000000002EAA000-memory.dmp
yara_rule: upx
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: cf9b3a04096f7d06ab7ce21ce05ae43a33afe45f9d7c9a3ad6b7c80eae603cad.exe