General
-
Target
e22a522c24787762f379b44c2849fac03b64a6579dd1bee2ea488cd299aa342cN.exe
-
Size
120KB
-
Sample
250108-hsnjma1nfn
-
MD5
01dace3784066009179cd03c6ba35d50
-
SHA1
b53de9e894a741bbf41b6c01ff5d4119c10147cf
-
SHA256
e22a522c24787762f379b44c2849fac03b64a6579dd1bee2ea488cd299aa342c
-
SHA512
43eba23b75c6b085914a6ced1da3882d16266080f2f5f1909679aceeef6294bdf9c5f6fcfb424e8264043110a820e578670635b69da220fc5acb37d1ecfff3f9
-
SSDEEP
3072:icwLFX5dPOHTaXfG9JuxoV9ZInZbWCCj:KFX54HTaX8JBV9+ZbfC
Static task
static1
Behavioral task
behavioral1
Sample
e22a522c24787762f379b44c2849fac03b64a6579dd1bee2ea488cd299aa342cN.dll
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
e22a522c24787762f379b44c2849fac03b64a6579dd1bee2ea488cd299aa342cN.exe
-
Size
120KB
-
MD5
01dace3784066009179cd03c6ba35d50
-
SHA1
b53de9e894a741bbf41b6c01ff5d4119c10147cf
-
SHA256
e22a522c24787762f379b44c2849fac03b64a6579dd1bee2ea488cd299aa342c
-
SHA512
43eba23b75c6b085914a6ced1da3882d16266080f2f5f1909679aceeef6294bdf9c5f6fcfb424e8264043110a820e578670635b69da220fc5acb37d1ecfff3f9
-
SSDEEP
3072:icwLFX5dPOHTaXfG9JuxoV9ZInZbWCCj:KFX54HTaX8JBV9+ZbfC
-
Modifies firewall policy service
-
Sality family
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5