General
Target: 24ca33ca428b2292ab7cc0d4c2950a76ab79e455d66ea7506ecdc300a68074ba
Size: 740KB
Sample: 240628-yccp7ashqm
MD5: 0ad338265d75150f736ddc5c1ae69125
SHA1: 20953aa36c97212e7737803b9ff7f1d30de60069
SHA256: 24ca33ca428b2292ab7cc0d4c2950a76ab79e455d66ea7506ecdc300a68074ba
SHA512: d1b3cbfea56cd0b5d1420194d021d7af56df8069f15167efa5b69058ac1dd94d4cae78aa5046bd4fed7c6957624e3099a1c9a9f6575daa6a64e0a19e5aed50fc
SSDEEP: 12288:8TyjXW+48qWywrU4kGFezOAVuJ5PIoww7F5DO3HYff1Tq/Scj:KIXW/8yw1ez54lI+F5SXYHhq/Dj
Static task: static1
Behavioral task: behavioral1
Sample: 24ca33ca428b2292ab7cc0d4c2950a76ab79e455d66ea7506ecdc300a68074ba.exe
Resource: win7-20240611-en
Malware Config
Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: 24ca33ca428b2292ab7cc0d4c2950a76ab79e455d66ea7506ecdc300a68074ba
Size: 740KB
- Modifies firewall policy service
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13), technique counts per tactic:
Persistence
- Create or Modify System Process: 1
- Windows Service: 1
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
Privilege Escalation
- Create or Modify System Process: 1
- Windows Service: 1
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
Defense Evasion
- Modify Registry: 8
- Impair Defenses: 4
- Disable or Modify Tools: 3
- Disable or Modify System Firewall: 1
- Hide Artifacts: 2
- Hidden Files and Directories: 2
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1