General
Target: b9660b106f127000d1a856cc57b05d8e90f80bab0f014262191e21d724cf5b4fN.exe
Size: 120KB
Sample: 241220-efl89azkek
MD5: b5b470c2dff8b27a38604733c9c3ef50
SHA1: c79bbead38360d3e013d1e665a86c6efb2bbaadc
SHA256: b9660b106f127000d1a856cc57b05d8e90f80bab0f014262191e21d724cf5b4f
SHA512: b2908f86fd71d667e7d812f9a3d4733d9ad75e13e4f1d73579848bcd1f0bdfee91c055b1f51204ddd7d2183ba2e49462b96da3ac74d5f577f2e53f6d897a6975
SSDEEP: 1536:wdItgk5pFOVbCVU6LMoFiGLpwpzl5dUzANHGVYbRjN7iEEki8PKzSumcAI:cUfYIV/7KPUzANT7iEE78PKzdpZ
Static task: static1
Behavioral task: behavioral1
Sample: b9660b106f127000d1a856cc57b05d8e90f80bab0f014262191e21d724cf5b4fN.dll
Resource: win7-20240729-en
Malware Config
Extracted family: sality
C2 / update URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: b9660b106f127000d1a856cc57b05d8e90f80bab0f014262191e21d724cf5b4fN.exe (120KB; hashes identical to the General section above)
Signatures:
Modifies firewall policy service
Sality family
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 4
Disable or Modify System Firewall: 1
Disable or Modify Tools: 3
Modify Registry: 5