General
-
Target
27e1e32462256dbac2d9424a13f2ba083255fc4810d2baaf276cd12482dd44f5N.exe
-
Size
120KB
-
Sample
241219-mvhtda1mex
-
MD5
fc800e7af06a725d097500a38222d720
-
SHA1
6560b6b99711b8fb0c87dc3ad0c7f47ea1a7ce0b
-
SHA256
27e1e32462256dbac2d9424a13f2ba083255fc4810d2baaf276cd12482dd44f5
-
SHA512
32d88e7cfa180507fbc23293a129163626421f92903afbdef3f8225dc3f47b19df85d3fa8bf04aa527fbddc253d93e9067b5aff742a29133ace927ee11c3216c
-
SSDEEP
3072:+XK5GMYqO3NT0aEO4eXXBQdzmKcuiYsqJ3frne:+0/uV3nXMZcuLV3frn
Static task
static1
Behavioral task
behavioral1
Sample
27e1e32462256dbac2d9424a13f2ba083255fc4810d2baaf276cd12482dd44f5N.dll
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Target
27e1e32462256dbac2d9424a13f2ba083255fc4810d2baaf276cd12482dd44f5N.exe
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)