General
-
Target
e3e2664e1c95fd974fc1713117229334d0b510e9c7cc7c5094d08efee530606c
-
Size
5.0MB
-
Sample
241220-jacj3stjby
-
MD5
48f5cb70cd31753680006ac88ebf79cd
-
SHA1
f34394275c3b793252003b4c726a8d33d0eba70e
-
SHA256
e3e2664e1c95fd974fc1713117229334d0b510e9c7cc7c5094d08efee530606c
-
SHA512
4bd15b5f362c0b16d9c4aa4f2eb870fd92bb48b0ac68727bf84055991fc5e192614bdb235f3dd1678ca0f2bbbb80042c3012908c1ada7db5fe64dbbeb5498d3a
-
SSDEEP
49152:M8808Nj/P3CRggLTjlzin2Q6ZeCCF4+ITov6g7apCW9kf6LuoCrhyVCvPXZLWgnN:6bNj/vC2Qhi4JT+cI9y5kXZLTW9o
Static task
static1
Behavioral task
behavioral1
Sample
e3e2664e1c95fd974fc1713117229334d0b510e9c7cc7c5094d08efee530606c.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
e3e2664e1c95fd974fc1713117229334d0b510e9c7cc7c5094d08efee530606c
-
Size
5.0MB
-
MD5
48f5cb70cd31753680006ac88ebf79cd
-
SHA1
f34394275c3b793252003b4c726a8d33d0eba70e
-
SHA256
e3e2664e1c95fd974fc1713117229334d0b510e9c7cc7c5094d08efee530606c
-
SHA512
4bd15b5f362c0b16d9c4aa4f2eb870fd92bb48b0ac68727bf84055991fc5e192614bdb235f3dd1678ca0f2bbbb80042c3012908c1ada7db5fe64dbbeb5498d3a
-
SSDEEP
49152:M8808Nj/P3CRggLTjlzin2Q6ZeCCF4+ITov6g7apCW9kf6LuoCrhyVCvPXZLWgnN:6bNj/vC2Qhi4JT+cI9y5kXZLTW9o
-
Modifies firewall policy service
-
Sality family
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5