General
- Target: 46056e31bc09f462790305fb107e96beaf81e8cd24995090e90c329076fa8054.exe
- Size: 120KB
- Sample: 241222-qzmvnszrgp
- MD5: 65cc4c86901e53f1b29467938dede4be
- SHA1: 5800faf42650109eafba08bd2737d90b4eb09cd3
- SHA256: 46056e31bc09f462790305fb107e96beaf81e8cd24995090e90c329076fa8054
- SHA512: 4a5546deac4d2646b49fa02d56e1ceaa9e6ede7b03d89ee6d8aed5f1be272ea3797364b3b83357d6cadde8b34a20362a9dced88db1a40dacf22b5b8d1ef0c1f5
- SSDEEP: 3072:CRgvSQ2LaQAE7m020Vf1G2DQYa5esWtnW:KgvF2yEK020VfYe3tnW
Static task: static1
Behavioral task: behavioral1
- Sample: 46056e31bc09f462790305fb107e96beaf81e8cd24995090e90c329076fa8054.dll
- Resource: win7-20240903-en
Malware Config
Extracted family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 46056e31bc09f462790305fb107e96beaf81e8cd24995090e90c329076fa8054.exe
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)