General
Target: ce8c532ddb51155f91b23426c990269d277bb28bfc99273a0077e136459ce63bN.exe
Size: 1.1MB
Sample: 241219-lmwjtsypfx
MD5: 1c3698bbc99f0bea453d76b58d12ba20
SHA1: 3dafb852d25011923f7d02678acb57a19193e1d6
SHA256: ce8c532ddb51155f91b23426c990269d277bb28bfc99273a0077e136459ce63b
SHA512: cd6e5c19d0a173570ed81cf1e54f9f7d1364d1e2f1750fa83d9a4e20c89f7129ebccf8e7a66b05f94ff54fb9c5836ebea9373cd300c72a5a96d36467d56c4653
SSDEEP: 24576:W1/aGLDCM4D8ayGMCPnXo8/4gflI2d+JdjyS:FD8ayGM0XoQr2jyS
Static task: static1
Behavioral task: behavioral1
Sample: ce8c532ddb51155f91b23426c990269d277bb28bfc99273a0077e136459ce63bN.exe
Resource: win7-20241023-en
Malware Config
Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
http://klkjwre77638dfqwieuoi888.info/
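The extracted URL list is only useful once it is turned into network indicators and run against real traffic. The script below is an added example (not part of the sandbox report) that splits the URLs above into domain, IP and exact-URL indicators and matches them against Squid native-format proxy log lines. It generalizes beyond the literal list: subdomains of an indicator domain are matched, the leading "www." is dropped so the registrable name is the indicator, and CONNECT requests (host:port, not a URL) are handled separately. The log lines, client addresses and timestamps are constructed for the demonstration and are not traffic from the sandbox run; the Squid field layout is an assumption about the reader's proxy.

```python
import ipaddress
from urllib.parse import urlsplit

# The URLs exactly as listed in the Malware Config section above.
SALITY_CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
    "http://klkjwre77638dfqwieuoi888.info/",
]


def indicators(urls):
    """Split config URLs into domain, IP and (host, path) indicators.

    Domains are matched as suffixes so subdomains hit too; a leading 'www.'
    is dropped so the registrable name is the indicator. Only URLs with a
    real path (not just '/') become exact (host, path) indicators.
    """
    domains, ips, paths = set(), set(), set()
    for u in urls:
        parts = urlsplit(u)
        host = (parts.hostname or "").lower()
        try:
            ips.add(str(ipaddress.ip_address(host)))
        except ValueError:
            domains.add(host[4:] if host.startswith("www.") else host)
        if parts.path and parts.path != "/":
            paths.add((host, parts.path))
    return domains, ips, paths


def host_matches(host, domains):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def _host_and_path(method, target):
    # CONNECT targets are host:port; everything else is a URL.
    if method == "CONNECT":
        return target.rsplit(":", 1)[0], None
    parts = urlsplit(target if "://" in target else "http://" + target)
    return parts.hostname or "", parts.path


def match_proxy_log(lines, urls=SALITY_CONFIG_URLS):
    """Return one hit per log line whose request touches an indicator.

    Assumed Squid native layout: time elapsed client action/code size method URL ...
    Match precedence: exact (host, path) > IP > domain or subdomain.
    """
    domains, ips, paths = indicators(urls)
    hits = []
    for line in lines:
        f = line.split()
        if len(f) < 7:
            continue  # blank or truncated line
        client, method, target = f[2], f[5], f[6]
        host, path = _host_and_path(method, target)
        host = host.lower()
        if path is not None and (host, path) in paths:
            reason = "url"
        elif host in ips:
            reason = "ip"
        elif host_matches(host, domains):
            reason = "domain"
        else:
            continue
        hits.append({"client": client, "reason": reason, "host": host, "target": target})
    return hits


# Constructed Squid-style access log lines for the demonstration; not traffic from the sandbox run.
SAMPLE_PROXY_LOG = """\
1734612001.101    245 10.0.0.23 TCP_MISS/200 1420 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.5 image/gif
1734612002.334     12 10.0.0.23 TCP_MISS/404 310 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1734612003.558     80 10.0.0.41 TCP_HIT/200 52310 GET http://www.example.com/index.html - NONE/- text/html
1734612004.772    190 10.0.0.57 TCP_MISS/200 640 GET http://update.kukutrustnet987.info/ - HIER_DIRECT/203.0.113.9 text/html
1734612005.990     33 10.0.0.23 TCP_DENIED/403 0 CONNECT klkjwre9fqwieluoi.info:443 - HIER_NONE/- -
"""

if __name__ == "__main__":
    for h in match_proxy_log(SAMPLE_PROXY_LOG.splitlines()):
        print(f"{h['client']:<12} {h['reason']:<7} {h['target']}")
```

Feed it `match_proxy_log(open("access.log").read().splitlines())` against an export covering the relevant window. A hit on a domain indicator does not by itself prove an infection on that client: these Sality distribution domains have been in circulation for many years, so verify that the requesting process matches the signatures listed for the target below before escalating.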
Targets
Target: ce8c532ddb51155f91b23426c990269d277bb28bfc99273a0077e136459ce63bN.exe
- Modifies firewall policy service
- Sality family
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
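Four of the signatures above (firewall policy modified, RegEdit disabled, Task Manager disabled, Run key added) leave registry state that can be checked on a suspect host without running anything from the sample. The script below is an added example, not part of the sandbox report: it parses the text of a `reg export` (.reg) file and flags the registry values associated with those behaviours. The page does not name the values the sample wrote; the locations checked (`DisableRegistryTools` and `DisableTaskMgr` under `Policies\System`, `EnableFirewall` and `AuthorizedApplications\List` under `SharedAccess\Parameters\FirewallPolicy`, and the `Run` keys) are the standard Windows locations for these effects and are an assumption here, as is the ranking of Run and firewall-exception entries by whether they point into a user-writable directory. The .reg sample is constructed for the demonstration.

```python
import re
from typing import Dict, List, Tuple

# Constructed .reg export used as sample input; not an artifact from the sandbox run.
# On a suspect host the same text comes from e.g.
#   reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" sys.reg
# (reg.exe writes UTF-16LE; decode before passing the text in).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background"
"winlogon"="C:\\Users\\Admin\\AppData\\Local\\Temp\\winlogon.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Users\\Admin\\AppData\\Local\\Temp\\winlogon.exe"="C:\\Users\\Admin\\AppData\\Local\\Temp\\winlogon.exe:*:Enabled:ipsec"
"""

_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')  # "name"=data or @=data


def _unescape(s: str) -> str:
    return re.sub(r"\\(.)", r"\1", s)  # .reg escapes \ and " with a backslash


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Parse .reg text into {key_path: {value_name: data}}.
    Quoted strings are unescaped, dword values become int, hex blobs and the
    '-' delete marker stay as raw text, and [-key] deletion blocks are skipped."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    lines = text.lstrip("\ufeff").splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        while line.endswith("\\") and i < len(lines):  # hex(...) continuation lines
            line = line[:-1] + lines[i].strip()
            i += 1
        if not line or line[0] == ";" or line.startswith("Windows Registry Editor"):
            continue
        if line[0] == "[":
            path = line[1:].rstrip("]")
            current = None if path.startswith("-") else keys.setdefault(path, {})
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "" if m.group(1) == "@" else _unescape(m.group(2))
        raw = m.group(3).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            current[name] = _unescape(raw[1:-1])
        elif raw.lower().startswith("dword:"):
            current[name] = int(raw[6:], 16)
        else:
            current[name] = raw
    return keys


# Assumed standard locations for the listed behaviours (not stated on the page).
POLICY_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System",
)
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
)
FIREWALL_PROFILES = tuple(
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy" + "\\" + p
    for p in ("DomainProfile", "StandardProfile", "PublicProfile")
)
# Directories a legitimate autostart or firewall exception rarely points into (assumed heuristic).
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\public\\")

Finding = Tuple[str, str, str, object]  # (rule, key path, value name (lower-cased), data)


def assess_reg_export(text: str) -> List[Finding]:
    keys = parse_reg_export(text)

    def values(path):  # registry names are case-insensitive, so compare lower-cased
        for k, v in keys.items():
            if k.lower() == path.lower():
                return {n.lower(): d for n, d in v.items()}
        return {}

    out: List[Finding] = []
    for key in POLICY_KEYS:
        v = values(key)
        if v.get("disableregistrytools") not in (None, 0):  # 1 and 2 both block regedit
            out.append(("regedit_disabled", key, "DisableRegistryTools", v["disableregistrytools"]))
        if v.get("disabletaskmgr") == 1:
            out.append(("taskmgr_disabled", key, "DisableTaskMgr", 1))
    for key in RUN_KEYS:
        for name, data in values(key).items():
            if isinstance(data, str) and any(p in data.lower() for p in USER_WRITABLE):
                out.append(("run_key_user_writable_path", key, name, data))
    for key in FIREWALL_PROFILES:
        if values(key).get("enablefirewall") == 0:
            out.append(("firewall_disabled", key, "EnableFirewall", 0))
        for name, data in values(key + r"\AuthorizedApplications\List").items():
            if any(p in name for p in USER_WRITABLE):
                out.append(("firewall_exception_user_writable_path", key, name, data))
    return out


if __name__ == "__main__":
    for rule, key, name, data in assess_reg_export(SAMPLE_REG):
        print(f"{rule:<40} {key}\\{name} = {data!r}")
```

The parser works on the text alone, so it can be pointed at exports pulled from an offline image as easily as at a live host. The two policy values are read from both HKCU and HKLM because the sandbox signature does not say which hive the sample wrote; the firewall check covers all three profile keys for the same reason.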
MITRE ATT&CK Enterprise v15 (number in parentheses is the count of signatures mapped to each technique)
Persistence
- Boot or Logon Autostart Execution, T1547 (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process, T1543 (1)
  - Windows Service, T1543.003 (1)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Boot or Logon Autostart Execution, T1547 (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process, T1543 (1)
  - Windows Service, T1543.003 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (4)
  - Disable or Modify System Firewall, T1562.004 (1)
  - Disable or Modify Tools, T1562.001 (3)
- Modify Registry, T1112 (6)