General
- Target: b70d881d591abf34c65248f8274ded11b9ba6595db89d6466a9dff2bcaaebe59N.exe
- Size: 120KB
- Sample: 241219-m1a1qa1nhz
- MD5: 1fc4f311e039dd4cf9a99152be1a5a00
- SHA1: cb31d42dc3b268e6564d2dc3faa518653c347b7e
- SHA256: b70d881d591abf34c65248f8274ded11b9ba6595db89d6466a9dff2bcaaebe59
- SHA512: 7d5bb5fc8de9d84adb542b93d2e0d5d97d1ab98c675f64f914e22f9b9b8ebe4c21a669af21699e879009e220ebd1a99ec6e19fa1940e6183435197f99a81a4bf
- SSDEEP: 3072:fTCwdPp1SuemFHdbmbeaye88fi75rp209X:fTnfTd5mSW5Olx
Static task: static1
Behavioral task: behavioral1
- Sample: b70d881d591abf34c65248f8274ded11b9ba6595db89d6466a9dff2bcaaebe59N.dll
- Resource: win7-20241010-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)