General
-
Target
6d60c947ad6b3e320eb798a79cd370ad4a8134ef0e0a0129d583ca778f2b2c4bN.exe
-
Size
120KB
-
Sample
241219-zznlmszpep
-
MD5
8f60ed2769e97f0a08d1fcc1afdf2460
-
SHA1
db7bab678cd71b6c5878165dd26c66f052e31465
-
SHA256
6d60c947ad6b3e320eb798a79cd370ad4a8134ef0e0a0129d583ca778f2b2c4b
-
SHA512
8673122201aed1b90a709cc58c54abc97181d5a99ad138ea620ae6208e080f0ad32a5a9fa9d438e491f2c5fd1d023a4f05c3ee740dd615d5136b0a8f64660221
-
SSDEEP
1536:OUs7Me5B3EjEY9ztekjDgFS+ecnW/9NACQ4YHmVfilRhbRoJgIpKdOo0:a7Me/E3z4wsF7gNnQ48mValDoEO
Static task
static1
Behavioral task
behavioral1
Sample
6d60c947ad6b3e320eb798a79cd370ad4a8134ef0e0a0129d583ca778f2b2c4bN.dll
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
6d60c947ad6b3e320eb798a79cd370ad4a8134ef0e0a0129d583ca778f2b2c4bN.exe
-
Size
120KB
-
MD5
8f60ed2769e97f0a08d1fcc1afdf2460
-
SHA1
db7bab678cd71b6c5878165dd26c66f052e31465
-
SHA256
6d60c947ad6b3e320eb798a79cd370ad4a8134ef0e0a0129d583ca778f2b2c4b
-
SHA512
8673122201aed1b90a709cc58c54abc97181d5a99ad138ea620ae6208e080f0ad32a5a9fa9d438e491f2c5fd1d023a4f05c3ee740dd615d5136b0a8f64660221
-
SSDEEP
1536:OUs7Me5B3EjEY9ztekjDgFS+ecnW/9NACQ4YHmVfilRhbRoJgIpKdOo0:a7Me/E3z4wsF7gNnQ48mValDoEO
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5