General
Target: d2f6e8823aadf0327387ee43f72150f0b9daf58d958abbcd70e1d8a3d11fdc6fN.exe
Size: 311KB
Sample: 241222-s753bssrdl
MD5: a7edf36f9caa29297f52c4ccac273500
SHA1: 5331f3d8151335ec04602a0f199c42c8989d2a0c
SHA256: d2f6e8823aadf0327387ee43f72150f0b9daf58d958abbcd70e1d8a3d11fdc6f
SHA512: 323c8c42de66c366395f9ccefcca0ff67bb4c64cd03a2843c575735cffdbe0abcae87010cc55a92b30c9f20a8312671c6bde4af5853b64914bedfd7bc7904446
SSDEEP: 6144:2R2J0LS6Vgb8qG7ZDqqGoH4iToATg1PBnnykONu:2Rm0OqgtGBPl4UoHnn1r
Static task: static1
Behavioral task: behavioral1
Sample: d2f6e8823aadf0327387ee43f72150f0b9daf58d958abbcd70e1d8a3d11fdc6fN.exe
Resource: win7-20240903-en
Malware Config
Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: d2f6e8823aadf0327387ee43f72150f0b9daf58d958abbcd70e1d8a3d11fdc6fN.exe (311KB; hashes identical to the General section above)
Signatures
- Modifies firewall policy service
- Ramnit family
- Sality family
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (5)
    Disable or Modify System Firewall (2)
    Disable or Modify Tools (3)
  Modify Registry (6)