General
Target: 7b4380611ea3e6062bb8f9bdd7aba500d6d8b6739f06fe97772b0cbe205f1ed8
Size: 3.0MB
Sample: 250328-264mjsvpy3
MD5: e7e7c8752646bdc7d1276fc35670fac3
SHA1: 8500dd473b6a12424b64592b236928344c30fec2
SHA256: 7b4380611ea3e6062bb8f9bdd7aba500d6d8b6739f06fe97772b0cbe205f1ed8
SHA512: a8ca05777fa122673c834c9d267d24790bcfe8c7f525fa44532b5017006c67b80f03d4547d0366007947e9ca2cf3f7308213d3baff057ac72611285192fc1e11
SSDEEP: 49152:xZ4rujE/CLlVl80CdSI3LdmLgWtAjkhA686LqmQKzeFH/LNqAznwzeD:x+ruj+CLflabdSgGhs6OFGUw6D
Static task: static1
Behavioral task: behavioral1
Sample: 7b4380611ea3e6062bb8f9bdd7aba500d6d8b6739f06fe97772b0cbe205f1ed8.exe
Resource: win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target
7b4380611ea3e6062bb8f9bdd7aba500d6d8b6739f06fe97772b0cbe205f1ed8
Modifies firewall policy service
Sality family
UAC bypass
Windows security bypass
Windows security modification
Checks whether UAC is enabled
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (4)
Disable or Modify System Firewall (1)
Disable or Modify Tools (3)
Modify Registry (5)