General
- Target: a9a1a9af1b236e2e254baca78f8bfb3883060b5ac50c35fa63cfa3a6c840ad1bN.exe
- Size: 120KB
- Sample: 241219-zlndqazlgl
- MD5: 9e5233f37a12ef01a5e6d5ce052ec3f0
- SHA1: b0d053b7f1f9277799c0c37c766e097a004df713
- SHA256: a9a1a9af1b236e2e254baca78f8bfb3883060b5ac50c35fa63cfa3a6c840ad1b
- SHA512: 1325f5be443a5e40bd094e2aba7ec0741db072f31834cf045a893c8379d5db5ddf74df3c69d8cd35dab1a55f617f2e06b54e1fc0518a34640579585bfc8e7750
- SSDEEP: 3072:CJ4TniKE35L+2AZJk+dUz8LTDBBWXSA9C2lW:CJun1i2Z0zqBBOSAfW
Static task: static1
Behavioral task: behavioral1
- Sample: a9a1a9af1b236e2e254baca78f8bfb3883060b5ac50c35fa63cfa3a6c840ad1bN.dll
- Resource: win7-20240903-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: a9a1a9af1b236e2e254baca78f8bfb3883060b5ac50c35fa63cfa3a6c840ad1bN.exe
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)