General
-
Target
2025-04-05_c92d5bfbeba153a4ea4e936db4edf113_black-basta_hijackloader_luca-stealer_remcos
-
Size
2.9MB
-
Sample
250405-fws76sz1ds
-
MD5
c92d5bfbeba153a4ea4e936db4edf113
-
SHA1
6467d7ad5151972f146fa8a384ba563442b5c59b
-
SHA256
96298fd85d765888f331d9ed23ee0373fb12e069eb0ceb5e8cc194a1dba92b7a
-
SHA512
7ec9b46bcc352c8d2dab1519c7aad7179e60eed05e7f2893b0ea4707424b39bf793354f68147460eb46d864d6dbc94aacf232f2e342dd75e2c6c2dd5fccd1c47
-
SSDEEP
49152:mK8O2YA0tbSLx9FoPc99XF55GH662TJPJYEij9tSmqQ7Iffiii+:pH2uti3oE97QHMJmj9obN
Static task
static1
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2025-04-05_c92d5bfbeba153a4ea4e936db4edf113_black-basta_hijackloader_luca-stealer_remcos
-
Size
2.9MB
-
MD5
c92d5bfbeba153a4ea4e936db4edf113
-
SHA1
6467d7ad5151972f146fa8a384ba563442b5c59b
-
SHA256
96298fd85d765888f331d9ed23ee0373fb12e069eb0ceb5e8cc194a1dba92b7a
-
SHA512
7ec9b46bcc352c8d2dab1519c7aad7179e60eed05e7f2893b0ea4707424b39bf793354f68147460eb46d864d6dbc94aacf232f2e342dd75e2c6c2dd5fccd1c47
-
SSDEEP
49152:mK8O2YA0tbSLx9FoPc99XF55GH662TJPJYEij9tSmqQ7Iffiii+:pH2uti3oE97QHMJmj9obN
-
Modifies firewall policy service
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5