General
-
Target
a635801a7936fd18c60ca594c5147f0ea80b886432d8f4ee42024e1b2fc9075c.exe
-
Size
120KB
-
Sample
250108-h1njlazjax
-
MD5
d2265988dfb4dedf1506075991ac1ab1
-
SHA1
03dd08f7440bca12bb1f738e12429c85395fbb6c
-
SHA256
a635801a7936fd18c60ca594c5147f0ea80b886432d8f4ee42024e1b2fc9075c
-
SHA512
3e454c1b1a68fa22a62be1cd15b7df360e6e3a4e92ee748310a2b89d1f84e4cece7e50029d0e3fe5e0b43ca1acfe03507c06ce8742a25f0f6aab7b06bf6b00e1
-
SSDEEP
3072:ZUoX+8YXAsgA0NF4qbTQS+pZvCNe8bRhiR:BXpsWhMS+TvCNeQG
Static task
static1
Behavioral task
behavioral1
Sample
a635801a7936fd18c60ca594c5147f0ea80b886432d8f4ee42024e1b2fc9075c.dll
Resource
win7-20241010-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
a635801a7936fd18c60ca594c5147f0ea80b886432d8f4ee42024e1b2fc9075c.exe
-
Size
120KB
-
MD5
d2265988dfb4dedf1506075991ac1ab1
-
SHA1
03dd08f7440bca12bb1f738e12429c85395fbb6c
-
SHA256
a635801a7936fd18c60ca594c5147f0ea80b886432d8f4ee42024e1b2fc9075c
-
SHA512
3e454c1b1a68fa22a62be1cd15b7df360e6e3a4e92ee748310a2b89d1f84e4cece7e50029d0e3fe5e0b43ca1acfe03507c06ce8742a25f0f6aab7b06bf6b00e1
-
SSDEEP
3072:ZUoX+8YXAsgA0NF4qbTQS+pZvCNe8bRhiR:BXpsWhMS+TvCNeQG
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5