General

Target: 2025-04-05_aadb7864b1c21a13b443e76b0d54ac98_amadey_rhadamanthys_smoke-loader
Size: 166KB
Sample: 250405-fhpb3asrw7
MD5: aadb7864b1c21a13b443e76b0d54ac98
SHA1: d806f3e654ceecd4ac2ee6a2f27d7d05166f09c2
SHA256: 96bebf42237825f186807b1b92d4e23dd0af339245ae55b0fa2fcbc7274bff44
SHA512: 12cbaa3cc2ed50f964679a7c4f155923c5955f3b8a1d684e3b0bb7cffcfbf8af111f5af6975c8dae26a1006368cd50705baf0da50d57cef7f4bfdd31cd569d4b
SSDEEP: 3072:G6R8q6hDaAyQIrZBbSJN/Q6+msYXcxQczmQEgdO4HW43:G6R8q6lpYAQny4jzBRz243
Static task: static1
Malware Config

Extracted family: sality
C2 URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif

Note that the target name carries amadey, rhadamanthys and smoke-loader tags, but the extracted configuration (and the "Sality family" signature below) identifies Sality. Treat the filename as a submission label, not as a classification of the sample.
Targets

Target: 2025-04-05_aadb7864b1c21a13b443e76b0d54ac98_amadey_rhadamanthys_smoke-loader
Size: 166KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Modifies firewall policy service
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Sality family
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
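The signature names above and the C2 URLs in the Malware Config section are what a responder would turn into hunt rules. The following is an added example, not code from the sandbox report or from the sample; it maps each signature to a check over Sysmon-style event lines (EID 13 registry set, EID 11 file create, EID 22 DNS query, EID 3 network connect). The event lines are constructed for the example, and the registry paths and values each rule keys on are an assumption about what these signature classes typically fire on, not a record of what this sample wrote. The ATT&CK IDs are the standard ones for the techniques named in the report's mapping.

```python
"""Hunt rules for the behaviours this report names (added example, not from the report).

Event lines are constructed Sysmon-style 'key=value' records. Registry paths and
values below are an assumed interpretation of each signature class.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# C2 URLs exactly as listed under "Malware Config" in the report.
EXTRACTED_C2 = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
C2_HOSTS = {urlparse(u).hostname for u in EXTRACTED_C2}

@dataclass(frozen=True)
class RegRule:
    signature: str         # report signature this rule interprets
    technique: str         # ATT&CK technique from the report's mapping
    path_re: str           # regex over the registry value path (case-insensitive)
    bad_values: frozenset  # DWORD values that weaken the control

# Assumed interpretation of each signature as a concrete registry write.
REG_RULES = (
    RegRule("UAC bypass", "T1548.002",
            r"\\Policies\\System\\EnableLUA$", frozenset({0})),
    RegRule("Modifies visibility of file extensions in Explorer", "T1564.001",
            r"\\Explorer\\Advanced\\HideFileExt$", frozenset({1})),
    RegRule("Modifies visibility of hidden/system files in Explorer", "T1564.001",
            r"\\Explorer\\Advanced\\Hidden$", frozenset({2})),
    RegRule("Modifies visibility of hidden/system files in Explorer", "T1564.001",
            r"\\Explorer\\Advanced\\ShowSuperHidden$", frozenset({0})),
    RegRule("Modifies firewall policy service", "T1562.004",
            r"\\SharedAccess\\Parameters\\FirewallPolicy\\\w+Profile\\EnableFirewall$", frozenset({0})),
    RegRule("Windows security modification", "T1562.001",
            r"\\Security Center\\(AntiVirus|Firewall|Updates)(DisableNotify|Override)$", frozenset({1})),
)

@dataclass(frozen=True)
class Finding:
    signature: str
    technique: str
    evidence: str

_KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")       # key=value pairs; values may contain spaces
_DWORD = re.compile(r"DWORD \((0x[0-9A-Fa-f]+)\)")  # Sysmon's Details rendering of a DWORD

def parse_event(line):
    """Turn one 'k=v k=v ...' line into a dict."""
    return dict(_KV.findall(line))

def check_registry(ev):
    """EID 13: match the value path and the written DWORD against REG_RULES."""
    obj = ev.get("TargetObject", "")
    m = _DWORD.search(ev.get("Details", ""))
    if not m:
        return []
    value = int(m.group(1), 16)
    return [Finding(r.signature, r.technique, f"{obj} = {value}")
            for r in REG_RULES
            if value in r.bad_values and re.search(r.path_re, obj, re.IGNORECASE)]

def check_file(ev):
    """EID 11: autorun.inf created at the root of a drive other than C: (per the report's wording)."""
    name = ev.get("TargetFilename", "")
    m = re.fullmatch(r"([A-Za-z]):\\autorun\.inf", name, re.IGNORECASE)
    if m and m.group(1).upper() != "C":  # assumption: C:\ is left out to cut noise
        return [Finding("Drops autorun.inf file", "unmapped in report", name)]
    return []

def check_network(ev):
    """EID 22 / EID 3: DNS query or connection to one of the extracted C2 hosts."""
    host = (ev.get("QueryName") or ev.get("DestinationIp") or "").lower()
    if host in C2_HOSTS:
        return [Finding("Contacts extracted Sality C2", "unmapped in report", host)]
    return []

CHECKS = {"13": check_registry, "11": check_file, "22": check_network, "3": check_network}

def hunt(lines):
    """Run each line through the check for its event ID; return findings in input order."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        findings.extend(CHECKS.get(ev.get("EID"), lambda _: [])(ev))
    return findings

def triggered_signatures(lines):
    return sorted({f.signature for f in hunt(lines)})

# Constructed events: five weakening writes, one benign Explorer write, two autorun.inf
# creates (one on the system drive), two C2 contacts and one benign DNS query.
SAMPLE_EVENTS = [
    r"EID=13 Image=C:\Users\lab\sample.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Details=DWORD (0x00000000)",
    r"EID=13 Image=C:\Users\lab\sample.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt Details=DWORD (0x00000001)",
    r"EID=13 Image=C:\Users\lab\sample.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden Details=DWORD (0x00000002)",
    r"EID=13 Image=C:\Users\lab\sample.exe TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall Details=DWORD (0x00000000)",
    r"EID=13 Image=C:\Users\lab\sample.exe TargetObject=HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify Details=DWORD (0x00000001)",
    r"EID=13 Image=C:\Windows\explorer.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt Details=DWORD (0x00000000)",
    r"EID=11 Image=C:\Users\lab\sample.exe TargetFilename=D:\autorun.inf",
    r"EID=11 Image=C:\Users\lab\sample.exe TargetFilename=C:\autorun.inf",
    r"EID=22 Image=C:\Users\lab\sample.exe QueryName=kukutrustnet777.info",
    r"EID=3 Image=C:\Users\lab\sample.exe DestinationIp=89.119.67.154",
    r"EID=22 Image=C:\Windows\svchost.exe QueryName=ctldl.windowsupdate.com",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.technique:18} {f.signature}: {f.evidence}")
```

The rules key on the value written, not just the path, so a user re-enabling file extensions (HideFileExt set to 0) does not fire; "Checks whether UAC is enabled" and "Enumerates connected drives" are read-only behaviours that leave no registry-set or file-create event and are deliberately not modelled here.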
MITRE ATT&CK Enterprise v15

Counts in parentheses are the number of signatures mapped to each technique or sub-technique.

Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1), T1548.002
- Create or Modify System Process (1): Windows Service (1), T1543.003

Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1), T1548.002
- Hide Artifacts (2): Hidden Files and Directories (2), T1564.001
- Impair Defenses (4): Disable or Modify System Firewall (1), T1562.004; Disable or Modify Tools (3), T1562.001
- Modify Registry (7), T1112