General
Target: 5ad27176608dae8e7b2833f8fc41b1051f532996dbfbf1c838910e7d38c04eacN.exe
Size: 120KB
Sample: 241219-lbw18aykh1
MD5: b60ecec4e897b588d82f0f6979731480
SHA1: 51e13f7ea436c940d5ca5808da4cffaaee9aa664
SHA256: 5ad27176608dae8e7b2833f8fc41b1051f532996dbfbf1c838910e7d38c04eac
SHA512: 3cf83f9406760f8a3fd12ec6908600d73197a057e72c764cb267c74454a1392d35c0100f6c4023fe4894a6261dadf95c2c648fd6a7f3cc8eec67c89919e74662
SSDEEP: 3072:Ho+CyN4Xnld4YwjcNi+g4dzAm8Ws4Py7+1:7Cyanld4HGPJdznjDPy0
Static task: static1
Behavioral task: behavioral1
Sample: 5ad27176608dae8e7b2833f8fc41b1051f532996dbfbf1c838910e7d38c04eacN.dll
Resource: win7-20240708-en
Malware Config
Extracted
Family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 5ad27176608dae8e7b2833f8fc41b1051f532996dbfbf1c838910e7d38c04eacN.exe
Signatures:
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Create or Modify System Process (1)
- Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Impair Defenses (4)
- Disable or Modify System Firewall (1)
- Disable or Modify Tools (3)
- Modify Registry (5)