General
Target
bba066e87f8d779f2ba014bf998f3c3f00385f3e44930dee93c3d4c06af4f56dN.exe
Size
65KB
Sample
241219-l4bkzszlfw
MD5
50e889f6c972cef26886a38209c69860
SHA1
f11c9874c08363d357a9a36ec7e8f17bf84155c0
SHA256
bba066e87f8d779f2ba014bf998f3c3f00385f3e44930dee93c3d4c06af4f56d
SHA512
96b81319ad7e781468b165cc10e73a2510947e0d9d98a22dc2e2d941ff77bc0712021b64a576388abd2b6fdf1bfa0567c0ceee6b1fe057e657fd3f6767b9ee01
SSDEEP
1536:od0Tgm2iNiNlSXTZJsKYt7WIhqK5MIWUP:q0TgmtJ/skIj51T
Static task
static1
Behavioral task
behavioral1
Sample
bba066e87f8d779f2ba014bf998f3c3f00385f3e44930dee93c3d4c06af4f56dN.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Modifies firewall policy service
Sality family
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 4
Disable or Modify System Firewall: 1
Disable or Modify Tools: 3
Modify Registry: 5