General
Target: 821b8085c3b1564209d9f322f72a7ebca84ecfab5fabefe1333cb69331565ff0N.exe
Size: 65KB
Sample: 241219-nc7kfssmhp
MD5: 44b4382c665b14a30f5876e060c612b0
SHA1: 68678139e399bac7d95f0f9eb0d4c7f09cf8520f
SHA256: 821b8085c3b1564209d9f322f72a7ebca84ecfab5fabefe1333cb69331565ff0
SHA512: b5c27fc50a4e179ae9caf15d4fbc4fe1f81cf59dcdf94d88cdbf0307fac9533594b7124b20458b040f41ce9d2360418f96c5cdc0c1b36f1775faf6ad851f8cf5
SSDEEP: 1536:iyu8/5wHoqghnUU+S+Yk4IFYei8wdCS+fkAQWLsAjGD2hjl:vfT+Sjk+l8nS+JLtQ2hp
Static task
static1
Behavioral task
behavioral1
Sample
821b8085c3b1564209d9f322f72a7ebca84ecfab5fabefe1333cb69331565ff0N.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Modifies firewall policy service
Sality family
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Create or Modify System Process: 1
    Windows Service: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 4
    Disable or Modify System Firewall: 1
    Disable or Modify Tools: 3
  Modify Registry: 5