General
-
Target
f9341d529a2bbb219654998db029c36fe1c520ac96111ef4bfcba85570a41f56
-
Size
3.0MB
-
Sample
250328-3adlxstvfz
-
MD5
89aef9d7c46206f1242715d21e5eae63
-
SHA1
22fcb58474df30cb598c9b59ab4f9cfd61aaaf74
-
SHA256
f9341d529a2bbb219654998db029c36fe1c520ac96111ef4bfcba85570a41f56
-
SHA512
474b288557f9c5c22bf818225160cd09fcf1c740c64aa9b19d20d896a5490229be9c30b1fb90458d8f19139ecfc13aebb4dcb848f25dc32e8380946902a16cf4
-
SSDEEP
49152:2Z4rujE/CLlVl80CdSI3LdmLgWtAjkhAi86LqmQKzeFH/LNqAznw4M:2+ruj+CLflabdSgGh46OFGUw4M
Static task
static1
Behavioral task
behavioral1
Sample
f9341d529a2bbb219654998db029c36fe1c520ac96111ef4bfcba85570a41f56.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
f9341d529a2bbb219654998db029c36fe1c520ac96111ef4bfcba85570a41f56
-
Size
3.0MB
-
MD5
89aef9d7c46206f1242715d21e5eae63
-
SHA1
22fcb58474df30cb598c9b59ab4f9cfd61aaaf74
-
SHA256
f9341d529a2bbb219654998db029c36fe1c520ac96111ef4bfcba85570a41f56
-
SHA512
474b288557f9c5c22bf818225160cd09fcf1c740c64aa9b19d20d896a5490229be9c30b1fb90458d8f19139ecfc13aebb4dcb848f25dc32e8380946902a16cf4
-
SSDEEP
49152:2Z4rujE/CLlVl80CdSI3LdmLgWtAjkhAi86LqmQKzeFH/LNqAznw4M:2+ruj+CLflabdSgGh46OFGUw4M
-
Modifies firewall policy service
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5