General
- Target: 8d7954080253cbf275b8f5a6a432c1ce533fc933b86329aeeab8c3b20d37025eN.exe
- Size: 309KB
- Sample: 241219-ka6zcswqh1
- MD5: 70c64412926869cb76dc96828e9343d0
- SHA1: 3daefd9e0a3245f9296886e37782a0d8783a58b8
- SHA256: 8d7954080253cbf275b8f5a6a432c1ce533fc933b86329aeeab8c3b20d37025e
- SHA512: 68414610ccd88f92dc92e948a4eb14f9e47da35b5396d05000a8366f222fe5a8e9a07543cf72c0d2db85ca00d33aa3bac7bd5ccf97f655ef2f6030062a66811a
- SSDEEP: 6144:l/YWZdWgUY3wyzuRpw9IngBg4tNQp30m3s:l/YiWgNPJBgQNQp30t
Static task: static1
Behavioral task: behavioral1
- Sample: 8d7954080253cbf275b8f5a6a432c1ce533fc933b86329aeeab8c3b20d37025eN.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- Family: sality
- URLs:
  http://89.119.67.154/testo5/
  http://kukutrustnet777.info/home.gif
  http://kukutrustnet888.info/home.gif
  http://kukutrustnet987.info/home.gif
Targets
- Target: 8d7954080253cbf275b8f5a6a432c1ce533fc933b86329aeeab8c3b20d37025eN.exe (size and hashes as listed under General)
- Modifies firewall policy service
- Sality family
- Deletes itself
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)