General

Target: 9ea2d4f6c9192270c7d569983f14d45e8eade938efe02d5c568f9bb870fa1627N.exe
Size: 400KB
Sample: 241219-hq8f1stlhy
MD5: 2647320e14aa46e25641f52a28342000
SHA1: 3da706e591730c41c0473669c70e1923729fb22d
SHA256: 9ea2d4f6c9192270c7d569983f14d45e8eade938efe02d5c568f9bb870fa1627
SHA512: 0355705f80e4f5e0075b87ce38836e24a32b01d4781e4e2e14177cecfe9b1add69629c168ff9c6223cca8aec06160bb421b29a487c59105897875e9701e84f15
SSDEEP: 12288:5myhC36BkA4d4qxwJwO2SYKTFLCuCLbNB6a:5m+C3OkIqxwJ0pKg36a
Static task: static1
Behavioral task: behavioral1
Sample: 9ea2d4f6c9192270c7d569983f14d45e8eade938efe02d5c568f9bb870fa1627N.exe
Resource: win7-20241023-en
Malware Config (extracted)
Family: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets

Target: 9ea2d4f6c9192270c7d569983f14d45e8eade938efe02d5c568f9bb870fa1627N.exe
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)