General
- Target: fe5ed133e579b8cfd16a74b660e5396b5f4ed964b68be5c7e3a054d87c434659.exe
- Size: 120KB
- Sample: 241219-kvvrtsxngz
- MD5: 3b15ee4e15a1c611a2c1bba67ca7e3fa
- SHA1: 6f99f8998f96eedb794f59f29f15c9f527dd1161
- SHA256: fe5ed133e579b8cfd16a74b660e5396b5f4ed964b68be5c7e3a054d87c434659
- SHA512: 32e4595865eef882f6c572d0198be82106cf30021443af94734d3c698c6027cb7cc00378df5870fd02ba0a6b5bee677e761df72962294821bd738913d1a3b5eb
- SSDEEP: 3072:GTvyYZhlHEymskuipjlPHdbSpe9Gj+KpYBGh3R:dYZ7Eywuejx92Eo0BGh3R
Static task: static1
Behavioral task: behavioral1
- Sample: fe5ed133e579b8cfd16a74b660e5396b5f4ed964b68be5c7e3a054d87c434659.dll
- Resource: win7-20240729-en
Malware Config
Extracted
- Family: sality
- URLs:
  - http://89.119.67.154/testo5/
  - http://kukutrustnet777.info/home.gif
  - http://kukutrustnet888.info/home.gif
  - http://kukutrustnet987.info/home.gif
Targets
- Target: fe5ed133e579b8cfd16a74b660e5396b5f4ed964b68be5c7e3a054d87c434659.exe
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Create or Modify System Process (1)
- Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Impair Defenses (4)
- Disable or Modify System Firewall (1)
- Disable or Modify Tools (3)
- Modify Registry (5)