General
Target: b3b3014eb1f8a99fbc18efaaf732a0b8276657148cf49b721f3c00983f81db84
Size: 120KB
Sample: 250108-hmqf2aymfz
MD5: 49161caff8c5ad6d965c7a0b1a33f5f0
SHA1: 5d23341d7adb9d1c237aab9dd3a8dddf91b454fb
SHA256: b3b3014eb1f8a99fbc18efaaf732a0b8276657148cf49b721f3c00983f81db84
SHA512: 8cf2c9cd55e1fc86b461c15dea3807f3cd547c5cde6f283d5bace5817a9f4aa9c8470f8373d562b23a50ce3df8d7b57353741ef1309d769e573162c2b6620854
SSDEEP: 1536:E3ZuT+Q/YpsNboOpfD1H2TDxBoUMrw0vF80vUZCYooWwx1/wF:EJFDp62TDLoIwF3vU8Yoov
Static task: static1
Behavioral task: behavioral1
Sample: b3b3014eb1f8a99fbc18efaaf732a0b8276657148cf49b721f3c00983f81db84.dll
Resource: win7-20240903-en
Malware Config
Extracted family: sality
C2 URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: b3b3014eb1f8a99fbc18efaaf732a0b8276657148cf49b721f3c00983f81db84
Size: 120KB
MD5: 49161caff8c5ad6d965c7a0b1a33f5f0
SHA1: 5d23341d7adb9d1c237aab9dd3a8dddf91b454fb
SHA256: b3b3014eb1f8a99fbc18efaaf732a0b8276657148cf49b721f3c00983f81db84
SHA512: 8cf2c9cd55e1fc86b461c15dea3807f3cd547c5cde6f283d5bace5817a9f4aa9c8470f8373d562b23a50ce3df8d7b57353741ef1309d769e573162c2b6620854
SSDEEP: 1536:E3ZuT+Q/YpsNboOpfD1H2TDxBoUMrw0vF80vUZCYooWwx1/wF:EJFDp62TDLoIwF3vU8Yoov
Signatures
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)