General
-
Target
2eb8769e8f0beef17ed16b7ecf4a5ffe3cc7119f9dbe2162a46f00871e627442N.exe
-
Size
120KB
-
Sample
241219-zep9qsyphz
-
MD5
4a5fadd44f38c0c927de89fb8f6a19a0
-
SHA1
d4c9ae89118bd4c3cedd8fe167118fa06390da22
-
SHA256
2eb8769e8f0beef17ed16b7ecf4a5ffe3cc7119f9dbe2162a46f00871e627442
-
SHA512
163cfdfd35f0b82e457885d6519fe203febdcba8d127b6b8434d11202df278f669cff557281852270f502a5c542a7591417eca07e96579e9e1541e93788e0e94
-
SSDEEP
3072:vyBypFoaosoj8asWYwBnTT3dzAR9LO1hd/:vyBGGPsoj8sBTT3efK
Static task
static1
Behavioral task
behavioral1
Sample
2eb8769e8f0beef17ed16b7ecf4a5ffe3cc7119f9dbe2162a46f00871e627442N.dll
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2eb8769e8f0beef17ed16b7ecf4a5ffe3cc7119f9dbe2162a46f00871e627442N.exe
-
Size
120KB
-
MD5
4a5fadd44f38c0c927de89fb8f6a19a0
-
SHA1
d4c9ae89118bd4c3cedd8fe167118fa06390da22
-
SHA256
2eb8769e8f0beef17ed16b7ecf4a5ffe3cc7119f9dbe2162a46f00871e627442
-
SHA512
163cfdfd35f0b82e457885d6519fe203febdcba8d127b6b8434d11202df278f669cff557281852270f502a5c542a7591417eca07e96579e9e1541e93788e0e94
-
SSDEEP
3072:vyBypFoaosoj8asWYwBnTT3dzAR9LO1hd/:vyBGGPsoj8sBTT3efK
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5