General
- Target: a2d16f11a22c3cd7ba1f8216c3c64f21c2ac1c2181a1b583dc4fc627fff1d463.exe
- Size: 120KB
- Sample: 241231-g2x9ra1rhx
- MD5: 28d1cbaf7e0e6c26169681a49db9d1ce
- SHA1: f3066f472e0315e64bd7b18c531c4aabad19398d
- SHA256: a2d16f11a22c3cd7ba1f8216c3c64f21c2ac1c2181a1b583dc4fc627fff1d463
- SHA512: a4efc29ef4767fba9661bae165de1a374d870cc1b00ef557f410eafd3c9f742ceb4db8bb817035d4a316b30eb164ecf7def1c667b796bebe8ac60c64ea979feb
- SSDEEP: 3072:sIPmmCgC0uKEs54ATE+tdgmEGs1bLdhLe:sIPmmluKEK4A3dgRP1bLdE
Static task: static1
Behavioral task: behavioral1
- Sample: a2d16f11a22c3cd7ba1f8216c3c64f21c2ac1c2181a1b583dc4fc627fff1d463.dll
- Resource: win7-20240903-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: a2d16f11a22c3cd7ba1f8216c3c64f21c2ac1c2181a1b583dc4fc627fff1d463.exe
- Size: 120KB
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)