General
Target: d18d35582cff0fde88c59cfef4117f96972dedcd0d593bf7346d3554b1abea77N.exe
Size: 97KB
Sample: 241219-y5r1ksyraq
MD5: 6c20d844fec4c69fa3414ac869e800d0
SHA1: a4b0c577e9e08569e0aac78f9d180b8b97908177
SHA256: d18d35582cff0fde88c59cfef4117f96972dedcd0d593bf7346d3554b1abea77
SHA512: 802df5b8805269b9930cb53b66ec6a9cc729cdf48a162c385ee14af27d35858a6b46ac4a70b28565565679a907d82955285ca7ae5961065e25e41e56588d586a
SSDEEP: 1536:9lJWmyU0QlNv5/yylQ4bYbm+H9/i1QepSkBO1XPTEfShSXfoVKeB4ACMeiL:9lJW/wNB/H/qM1QSVO1XYASXsBP
Static task: static1
Behavioral task: behavioral1
Sample: d18d35582cff0fde88c59cfef4117f96972dedcd0d593bf7346d3554b1abea77N.exe
Resource: win7-20240708-en

Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: d18d35582cff0fde88c59cfef4117f96972dedcd0d593bf7346d3554b1abea77N.exe, 97KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures
- Modifies firewall policy service
- Sality family
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (4): Disable or Modify System Firewall (1), Disable or Modify Tools (3)
- Modify Registry (5)