General
Target: 216325d52a456244458de3c1abf7c06f8d6cd4c581e69246beabdfdecb7fce36.exe
Size: 120KB
Sample: 241219-gfbtma1rhn
MD5: dabc422f285be9ff30e4699ad7748c4a
SHA1: 471661c68aea7c300de12cdc99810420248a0fba
SHA256: 216325d52a456244458de3c1abf7c06f8d6cd4c581e69246beabdfdecb7fce36
SHA512: b000898b769b3c334ba245006698419a65005f4be044a554a96170a378cd2d496610f7b78658ce8e720ffcd64e37788e94dd7ed445ad04555c359018021b1662
SSDEEP: 3072:WytBSCdTmIdXhhf9LcwmVVHrpG6/a4ZIQ:DyCZmInV9LcD746t7
Static task: static1
Behavioral task: behavioral1
Sample: 216325d52a456244458de3c1abf7c06f8d6cd4c581e69246beabdfdecb7fce36.dll
Resource: win7-20240903-en
Malware Config
Extracted family: sality
C2 URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 216325d52a456244458de3c1abf7c06f8d6cd4c581e69246beabdfdecb7fce36.exe
Size: 120KB
MD5: dabc422f285be9ff30e4699ad7748c4a
SHA1: 471661c68aea7c300de12cdc99810420248a0fba
SHA256: 216325d52a456244458de3c1abf7c06f8d6cd4c581e69246beabdfdecb7fce36
SHA512: b000898b769b3c334ba245006698419a65005f4be044a554a96170a378cd2d496610f7b78658ce8e720ffcd64e37788e94dd7ed445ad04555c359018021b1662
SSDEEP: 3072:WytBSCdTmIdXhhf9LcwmVVHrpG6/a4ZIQ:DyCZmInV9LcD746t7

Signatures:
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)