General
-
Target
fd37499f898c8e4272b152661fd987e1617efb003fd42430f3a78f96e3143244N.exe
-
Size
97KB
-
Sample
241219-nyjerasrdy
-
MD5
30b58ea48cfee2b7bdc0074ae9059810
-
SHA1
a8b0035cbb317dd505f4d86f3c2166e34840c76e
-
SHA256
fd37499f898c8e4272b152661fd987e1617efb003fd42430f3a78f96e3143244
-
SHA512
ea862fc4d4c93a9cf1d8840281c84ff683ed1863994ad181ddd98319fac69fbf574c5d51ac1aa798f7283a639c799c14ebde19af5717a6452fcfdddb98b79ea6
-
SSDEEP
1536:iPS7NAHm2WBI3wI19x+NYbY2NJueWdEfZJrINFQPaPkkLWRiM:iPS7mwI1L+NB2NoeWdETMFQNU1M
Static task
static1
Behavioral task
behavioral1
Sample
fd37499f898c8e4272b152661fd987e1617efb003fd42430f3a78f96e3143244N.exe
Resource
win7-20241010-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
fd37499f898c8e4272b152661fd987e1617efb003fd42430f3a78f96e3143244N.exe
-
Size
97KB
-
MD5
30b58ea48cfee2b7bdc0074ae9059810
-
SHA1
a8b0035cbb317dd505f4d86f3c2166e34840c76e
-
SHA256
fd37499f898c8e4272b152661fd987e1617efb003fd42430f3a78f96e3143244
-
SHA512
ea862fc4d4c93a9cf1d8840281c84ff683ed1863994ad181ddd98319fac69fbf574c5d51ac1aa798f7283a639c799c14ebde19af5717a6452fcfdddb98b79ea6
-
SSDEEP
1536:iPS7NAHm2WBI3wI19x+NYbY2NJueWdEfZJrINFQPaPkkLWRiM:iPS7mwI1L+NB2NoeWdETMFQNU1M
-
Modifies firewall policy service
-
Sality family
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5