General
Target: 1c86884ba69d0250185405606a4eb699d546004fff8a5f88d07fed066a460d0bN.exe
Size: 120KB
Sample: 241219-y8jtdaynbz
MD5: f00ae4bdbaa9bbc57e51ba833dfd8950
SHA1: 9f5b6e11a22a051bba58a3973a76a7d099d14b43
SHA256: 1c86884ba69d0250185405606a4eb699d546004fff8a5f88d07fed066a460d0b
SHA512: 1d7bd69e881d1fe748a0c946cd0812cf558ea0f21fb4d28685ee918010ee066ab604a888a18a490fe655b14b7d11f354560c4698e4373d29566e88eded004971
SSDEEP: 3072:T6zf/0IaPB4Wh709StVW+9yFztGZiHvr6UGatqYG4:TWf6Z4g0kW+EFwiHNGv
Static task: static1
Behavioral task: behavioral1
  Sample: 1c86884ba69d0250185405606a4eb699d546004fff8a5f88d07fed066a460d0bN.dll
  Resource: win7-20241010-en
Malware Config
Extracted
Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
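An added example, not part of the sandbox report: a small Python script that turns the indicators above (the hash fields in General and the URLs extracted from the Sality config) into a repeatable check. It validates that each hash field is well-formed hex of the right length, compares a file's digests against the report, and matches the extracted URLs against proxy log lines by host rather than by full URL, so a changed path on a known host still hits while a lookalike domain that merely contains the indicator does not. The proxy log lines and the file bytes are constructed for the example.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
REPORT_HASHES = {
    "md5": "f00ae4bdbaa9bbc57e51ba833dfd8950",
    "sha1": "9f5b6e11a22a051bba58a3973a76a7d099d14b43",
    "sha256": "1c86884ba69d0250185405606a4eb699d546004fff8a5f88d07fed066a460d0b",
}
HASH_HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(hashes):
    """Return the names of hash fields that are not lowercase/uppercase hex of the expected length."""
    bad = []
    for name, value in hashes.items():
        length = HASH_HEX_LENGTHS.get(name)
        if length is None or not re.fullmatch(r"[0-9a-f]{%d}" % length, value.lower()):
            bad.append(name)
    return bad


def digests_of(data):
    """Compute the same digests the report lists, for comparing a file on disk against it."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report_hashes(data, report=REPORT_HASHES):
    """True only if every digest of `data` equals the corresponding report value."""
    computed = digests_of(data)
    return all(computed[name] == report[name].lower() for name in report)


def c2_hosts(urls):
    """Reduce the C2 URLs to their host component; paths are the part most likely to change."""
    return {urlparse(u).hostname.lower() for u in urls}


# Constructed proxy log lines (not from the report): client, method, URL, status.
PROXY_LOG = """\
10.0.0.12 GET http://www.example.com/index.html 200
10.0.0.12 GET http://KUKUTRUSTNET777.INFO/home.gif 404
10.0.0.31 GET http://89.119.67.154/testo5/ 200
10.0.0.31 GET http://kukutrustnet888.info.example.org/x 200
10.0.0.44 POST http://kukutrustnet987.info/upload.php 200
"""

LOG_LINE = re.compile(r"^(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$")


def find_c2_hits(log_text, urls=SALITY_C2_URLS):
    """Return (client, host) pairs for log lines whose URL host equals a known C2 host.

    Matching is exact on the host, case-insensitively: a different path on a
    known host is still a hit, while a host that only contains the indicator
    as a substring (e.g. a lookalike subdomain of another domain) is not.
    """
    hosts = c2_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed log format
        host = urlparse(m.group("url")).hostname
        if host and host.lower() in hosts:
            hits.append((m.group("client"), host.lower()))
    return hits


if __name__ == "__main__":
    print("malformed hash fields:", validate_hashes(REPORT_HASHES))
    print("constructed bytes match report:", matches_report_hashes(b"constructed, not the real sample"))
    for client, host in find_c2_hits(PROXY_LOG):
        print(f"C2 contact from {client} to {host}")
```

To check a real file, replace the constructed bytes with the file's contents; a mismatch on any one digest is treated as no match, so a report whose MD5 and SHA256 disagree with each other will never validate a file.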
Targets
Target: 1c86884ba69d0250185405606a4eb699d546004fff8a5f88d07fed066a460d0bN.exe
Size: 120KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): as listed under General above
Signatures:
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)