General
Target: 64b962c13a7c578da09a6fbe403e9723084104de7d8125972f1aa83752a0fcc6.exe
Size: 1.1MB
Sample: 241219-gp9r1ssmbj
MD5: 0bb35ff66fc9fabdc1c8b0f4b978b853
SHA1: c4469eec72a18c1c71d45d043520210826142b40
SHA256: 64b962c13a7c578da09a6fbe403e9723084104de7d8125972f1aa83752a0fcc6
SHA512: 231842cb470991b936d88a232ec5e19b3b3a8ab37c6759c6992bfd20ac02430dbb47a170349ddc2f9c0860d2f74ebaf3b0628a336a3dadd09b36180c733781e5
SSDEEP: 24576:0iZ1IdkiaMTNXs8q73ratc8qwBWc0JE9UcyL6nGIrNDXqHqAp9:rd/eehjratJBn9Uc+GGI56HLL
Static task: static1
Behavioral task: behavioral1
Sample: 64b962c13a7c578da09a6fbe403e9723084104de7d8125972f1aa83752a0fcc6.exe
Resource: win7-20241023-en
Malware Config
Extracted
Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
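Added example (not part of the sandbox report, and not the sandbox's own tooling): a small Python triage helper that turns the URLs extracted from the Sality config above into host indicators, matches them against proxy log lines, and checks a local file's digests against the MD5/SHA1/SHA256 values listed under General. The proxy log lines and their field layout are constructed for illustration and are assumptions; the IOC values and hashes are copied from the report.

```python
import hashlib
from urllib.parse import urlparse

# Sality config URLs exactly as extracted in the report above.
CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Sample hashes as listed under General above. SSDEEP is omitted because
# fuzzy hashing needs the third-party ssdeep library, not the standard library.
REPORT_HASHES = {
    "md5": "0bb35ff66fc9fabdc1c8b0f4b978b853",
    "sha1": "c4469eec72a18c1c71d45d043520210826142b40",
    "sha256": "64b962c13a7c578da09a6fbe403e9723084104de7d8125972f1aa83752a0fcc6",
}

# Constructed proxy log lines for this example; the layout
# '<timestamp> <client_ip> <method> <url> <status>' is an assumption.
SAMPLE_PROXY_LOG = [
    "2024-12-19T06:41:02Z 10.0.0.15 GET http://kukutrustnet777.info/home.gif 200",
    "2024-12-19T06:41:05Z 10.0.0.15 GET http://89.119.67.154/testo5/ 404",
    "2024-12-19T06:41:09Z 10.0.0.22 GET http://example.org/index.html 200",
    "malformed line",
]


def extract_network_iocs(urls):
    """Split config URLs into a host set and a path set for matching.

    Hosts are lower-cased; an IP literal such as 89.119.67.154 is kept
    verbatim because urlparse().hostname returns it unchanged.
    """
    hosts, paths = set(), set()
    for url in urls:
        parsed = urlparse(url)
        if parsed.hostname:
            hosts.add(parsed.hostname.lower())
        paths.add(parsed.path)
    return hosts, paths


def match_proxy_log(lines, hosts):
    """Return (line_number, host) for every log line whose URL host is an IOC.

    Matching is on the host only: the report's path values (/testo5/,
    /home.gif) are generic enough to produce noise on their own.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 5:
            continue  # skip lines that do not fit the assumed layout
        host = urlparse(fields[3]).hostname
        if host and host.lower() in hosts:
            hits.append((number, host.lower()))
    return hits


def hash_bytes(data):
    """Compute the same digests the report lists so a local file can be compared."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data, report=REPORT_HASHES):
    """True only if every digest in the report agrees with the data."""
    computed = hash_bytes(data)
    return all(computed[name] == value for name, value in report.items())


if __name__ == "__main__":
    hosts, _paths = extract_network_iocs(CONFIG_URLS)
    for number, host in match_proxy_log(SAMPLE_PROXY_LOG, hosts):
        print(f"line {number}: contact with Sality host {host}")
    # With the real sample's bytes in place of the placeholder this returns True.
    print("hash check on placeholder bytes:", matches_report(b"not the sample"))
```

Matching all three digests rather than just MD5 guards against a collision-based substitution; the SHA512 and SSDEEP values from the report can be added to REPORT_HASHES and hash_bytes in the same way if the environment provides them.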
Targets
Target: 64b962c13a7c578da09a6fbe403e9723084104de7d8125972f1aa83752a0fcc6.exe (1.1MB; hashes as listed under General above)
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
- Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (4): Disable or Modify System Firewall, T1562.004 (1); Disable or Modify Tools, T1562.001 (3)
- Modify Registry, T1112 (5)