General
-
Target
3dac5c3f4684d1a7f131d8ce8dd232c54516fe664a87e05caa312c980f42385aN.exe
-
Size
65KB
-
Sample
241220-cnjrzswpfv
-
MD5
60259aaefbe33c2a8ffc1bec0c3c8410
-
SHA1
7eeeb656efbdd24a8b6b2ce813c58aef05509adf
-
SHA256
3dac5c3f4684d1a7f131d8ce8dd232c54516fe664a87e05caa312c980f42385a
-
SHA512
64a55d51cab8c685d80bb5620afea4cb209675d595b64108ed855e7ba2a6ea75101b904336dce20f07745e2d29366735f9a1c4963d0ad074521bb3002ddb168d
-
SSDEEP
1536:psMID2hHc+AlDk4xPCvNUygQDbp9AbjWowBx2txy87hH2ha36Cm7:psY8+QfS2ygQvp9AXWooCy87hHW397
Static task
static1
Behavioral task
behavioral1
Sample
3dac5c3f4684d1a7f131d8ce8dd232c54516fe664a87e05caa312c980f42385aN.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
3dac5c3f4684d1a7f131d8ce8dd232c54516fe664a87e05caa312c980f42385aN.exe
-
Size
65KB
-
MD5
60259aaefbe33c2a8ffc1bec0c3c8410
-
SHA1
7eeeb656efbdd24a8b6b2ce813c58aef05509adf
-
SHA256
3dac5c3f4684d1a7f131d8ce8dd232c54516fe664a87e05caa312c980f42385a
-
SHA512
64a55d51cab8c685d80bb5620afea4cb209675d595b64108ed855e7ba2a6ea75101b904336dce20f07745e2d29366735f9a1c4963d0ad074521bb3002ddb168d
-
SSDEEP
1536:psMID2hHc+AlDk4xPCvNUygQDbp9AbjWowBx2txy87hH2ha36Cm7:psY8+QfS2ygQvp9AXWooCy87hHW397
-
Modifies firewall policy service
-
Sality family
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5