General

Target: 2b0318b4bfadf0d1a494368a27e7a93bc6ec522a82a204622f9dae4583d3abb1N.exe
Size: 120KB
Sample: 241219-y355esyqfl
MD5: 18ca82300bbcd4d802173cda39e19770
SHA1: 9938224c70b6f45d5c69c95f92c573099564b101
SHA256: 2b0318b4bfadf0d1a494368a27e7a93bc6ec522a82a204622f9dae4583d3abb1
SHA512: a29abbad20f0a85c361882f9ec6614e81b287d792e17fbacebb556c31d5ef115018f95054b7db06285ba34656e976d3bbf88982f03c38aeb40383fbf0a2d4357
SSDEEP: 3072:0LPJUKLLRjZhr6RwwdXOWEe/+91eGHrfa:09U2LXhrFaEnfjTa
Static task: static1
Behavioral task: behavioral1
Sample: 2b0318b4bfadf0d1a494368a27e7a93bc6ec522a82a204622f9dae4583d3abb1N.dll (the behavioral task lists the sample with a .dll extension, while the static target above is named .exe)
Resource: win7-20240903-en
Malware Config

Extracted family: sality
URLs from the extracted config:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
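The hashes and config URLs in this report are the indicators a responder would actually pivot on. The following is an added example, not part of the sandbox report and not code from the sandbox vendor: it turns the report's file hashes and extracted Sality URLs into a small matcher and runs it over proxy-log lines. The log format (epoch timestamp, client IP, method, URL, status) and every log line are constructed for the example; the hashes and URLs are copied from the report above.

```python
"""IOC matcher built from the sandbox report's indicators (added example).

The proxy-log format and its contents below are constructed for this example;
the hashes and C2 URLs are copied verbatim from the report.
"""
import hashlib
from urllib.parse import urlparse

# File hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "18ca82300bbcd4d802173cda39e19770",
    "sha1": "9938224c70b6f45d5c69c95f92c573099564b101",
    "sha256": "2b0318b4bfadf0d1a494368a27e7a93bc6ec522a82a204622f9dae4583d3abb1",
}

# URLs from the extracted Sality config.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed proxy log (not real traffic): three of the five lines hit a config host,
# one of them via a subdomain, to show why an exact-host match is not enough.
SAMPLE_PROXY_LOG = """\
1734600001.101 10.0.0.5 GET http://www.example.com/index.html 200
1734600002.214 10.0.0.5 GET http://kukutrustnet888.info/home.gif 200
1734600003.330 10.0.0.9 GET http://89.119.67.154/testo5/ 404
1734600004.002 10.0.0.5 GET http://update.microsoft.com/ 200
1734600005.777 10.0.0.12 GET http://cdn.kukutrustnet777.info/home.gif 200
"""


def c2_hosts(urls):
    """Hostnames (or IP literals) from the config URLs, lower-cased for matching."""
    return {urlparse(u).hostname.lower() for u in urls}


def host_matches(host, hosts):
    """Return the matching config host for an exact or subdomain match, else None."""
    host = host.lower().rstrip(".")          # normalise case and a trailing dot
    if host in hosts:
        return host
    for h in hosts:
        if host.endswith("." + h):           # e.g. cdn.kukutrustnet777.info
            return h
    return None


def match_proxy_log(log_text, hosts):
    """Scan 'ts client method url status' lines; return (ts, client, c2_host) hits."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, client, _method, url = parts[:4]
        host = urlparse(url).hostname
        if host is None:
            continue
        matched = host_matches(host, hosts)
        if matched:
            hits.append((ts, client, matched))
    return hits


def hash_matches(data, report=REPORT_HASHES):
    """Hash a file's bytes with each algorithm in the report; True where it matches."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in report.items()
    }


def defang(url):
    """Make a URL safe to paste into a ticket: hxxp:// and [.] inside the host."""
    scheme, rest = url.split("://", 1)
    host, sep, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}{sep}{path}"


if __name__ == "__main__":
    hosts = c2_hosts(SALITY_C2_URLS)
    for ts, client, c2 in match_proxy_log(SAMPLE_PROXY_LOG, hosts):
        print(f"{ts} {client} -> {c2}")
    print(hash_matches(b"not the reported sample"))   # all False for this input
    for u in SALITY_C2_URLS:
        print(defang(u))
```

Matching on the hostname rather than the full URL is deliberate: the path (`/home.gif`, `/testo5/`) is the part of a config that changes most easily, while the domains and the IP are what you block and hunt on. The hash check is exact by design; an ssdeep comparison would need the non-standard `ssdeep` module and is left out so the block runs with the standard library only.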
Targets

Target: 2b0318b4bfadf0d1a494368a27e7a93bc6ec522a82a204622f9dae4583d3abb1N.exe
Size: 120KB
Signatures:
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (the number after each technique is the count of signature hits mapped to it)

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1

Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 4
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5