General
-
Target
bcbc93edf19f723522e00ebe949ade0392a0327d7406f3f33236aead9f264462
-
Size
97KB
-
Sample
241228-cp5e3stpat
-
MD5
bdc2b1e614d524b549bc605d7edc508d
-
SHA1
cdfc339cb00bc5fcfe37a0b6b6e796f33c874d41
-
SHA256
bcbc93edf19f723522e00ebe949ade0392a0327d7406f3f33236aead9f264462
-
SHA512
9453a87cd700611ba43594ed4768522060d8e67e9bdfa7a0d77ec5cee5c98eb6a11bc12e57975a3b16e02296dc1c533c9f7dee8ba75aec0ec71fdfdcda947721
-
SSDEEP
1536:TM9gqKjL/kBx8vvUkKT7PGvnpIXNhXik5Ym4oj4jcfrarU2w2VUXug:TM9gvbkBkMkKUpsNhrYCj4AfV2w2VU
Static task
static1
Behavioral task
behavioral1
Sample
bcbc93edf19f723522e00ebe949ade0392a0327d7406f3f33236aead9f264462.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
bcbc93edf19f723522e00ebe949ade0392a0327d7406f3f33236aead9f264462
-
Size
97KB
-
MD5
bdc2b1e614d524b549bc605d7edc508d
-
SHA1
cdfc339cb00bc5fcfe37a0b6b6e796f33c874d41
-
SHA256
bcbc93edf19f723522e00ebe949ade0392a0327d7406f3f33236aead9f264462
-
SHA512
9453a87cd700611ba43594ed4768522060d8e67e9bdfa7a0d77ec5cee5c98eb6a11bc12e57975a3b16e02296dc1c533c9f7dee8ba75aec0ec71fdfdcda947721
-
SSDEEP
1536:TM9gqKjL/kBx8vvUkKT7PGvnpIXNhXik5Ym4oj4jcfrarU2w2VUXug:TM9gvbkBkMkKUpsNhrYCj4AfV2w2VU
-
Modifies firewall policy service
-
Sality family
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5