General
Target: fa73085ab18b3c1878366c12734c1dc31f0f6b5b404d18f8a702659ffed3aebd.exe
Size: 624KB
Sample: 241222-t7sbxatmax
MD5: ef7f6311e29192dff8699df2780477b7
SHA1: 982133187b07f58c91c4eeb9e8f1b1edaf7bdc84
SHA256: fa73085ab18b3c1878366c12734c1dc31f0f6b5b404d18f8a702659ffed3aebd
SHA512: 824fedaa0ed21c68acd0a3dc63c1f93ed7d2776b9f0fa746f0a0902d4e160780688a956b055fb9e6ff1100b7133ab12b98312cb4945b566c391c1919a8b20202
SSDEEP: 12288:8hpUrEIZJqr1AkBWwNa5R0EYl795/amaX3QXaPKUVrCsB9ks:8/jG01NHXaPlCs1
Static task: static1
Behavioral task: behavioral1
Sample: fa73085ab18b3c1878366c12734c1dc31f0f6b5b404d18f8a702659ffed3aebd.dll
Resource: win7-20240903-en
Malware Config
Extracted: sality
Targets
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Ramnit family
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (4): Disable or Modify System Firewall (1), Disable or Modify Tools (3)
- Modify Registry (7)