General
-
Target
e63d0241072b0c54aa33feca3c08b217e13a337e554aac2d579d15b60f1ecc50
-
Size
732KB
-
Sample
240629-ey2fwstfjl
-
MD5
113aaec1011cf6a0e1db11100b603d36
-
SHA1
eb68cbe430ec0b1e3c07a81819f09dd84de31e4e
-
SHA256
e63d0241072b0c54aa33feca3c08b217e13a337e554aac2d579d15b60f1ecc50
-
SHA512
77c9ee398ba36e9b13270ffe467c72cc54a099e607a57672c80e9dfc1516ef3f11dc189b0f8faf7ce5751c18fdd1684e74b33503b2b0524ee205f65427746c43
-
SSDEEP
12288:RTyjXW+48qWywrU4kGFezOAVuJ5PIIww7F5DO3HYffJQC:VIXW/8yw1ez54lIeF5SXYHJ7
Static task
static1
Behavioral task
behavioral1
Sample
e63d0241072b0c54aa33feca3c08b217e13a337e554aac2d579d15b60f1ecc50.exe
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
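The hashes and C2 URLs above are the indicators a responder would sweep the estate for. The following is an added example, not part of the sandbox report: it copies the report's hashes and URLs into a small matcher and runs it over a constructed proxy log and a constructed file-hash inventory. Matching on C2 hostnames rather than full URLs is deliberate, since Sality rotates the path (home.gif, testo5/) while the domains stay fixed; the log format and the file paths are assumptions made for the example.

```python
"""Added example (not part of the sandbox report): sweep constructed log data
for the indicators the report extracted from this Sality sample."""
from urllib.parse import urlsplit

# Copied from the report.
SAMPLE_HASHES = {
    "md5": "113aaec1011cf6a0e1db11100b603d36",
    "sha1": "eb68cbe430ec0b1e3c07a81819f09dd84de31e4e",
    "sha256": "e63d0241072b0c54aa33feca3c08b217e13a337e554aac2d579d15b60f1ecc50",
}
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def c2_hosts(urls):
    """Reduce the extracted URLs to lower-cased hostnames/IPs; the path
    varies per campaign, the hosts are the stable part of the indicator."""
    return {urlsplit(u).hostname.lower() for u in urls}


def match_hash_inventory(inventory, hashes=SAMPLE_HASHES):
    """inventory: iterable of (path, algorithm, hexdigest) as a file-hashing
    agent would report it. Comparison is case-insensitive on both the
    algorithm name and the digest; returns the paths that match."""
    wanted = {(alg, h.lower()) for alg, h in hashes.items()}
    return [path for path, alg, digest in inventory
            if (alg.lower(), digest.lower()) in wanted]


def match_proxy_log(log_text, hosts):
    """log_text: lines of '<timestamp> <client> <method> <url> <status>'
    (an assumed proxy format). Returns (timestamp, client, host) for every
    request whose host is one of the C2 hosts, regardless of URL case/path."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip blank or malformed lines rather than crash
        ts, client, _method, url, _status = parts[:5]
        host = urlsplit(url).hostname  # .hostname is already lower-cased
        if host and host in hosts:
            hits.append((ts, client, host))
    return hits


# Constructed sample data for the example (not from the report).
INVENTORY = [
    # digest of the empty file, used here as a benign non-matching entry
    ("C:\\Windows\\System32\\notepad.exe", "sha256",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("C:\\Users\\analyst\\Downloads\\invoice.exe", "SHA256",
     "E63D0241072B0C54AA33FECA3C08B217E13A337E554AAC2D579D15B60F1ECC50"),
    ("C:\\Temp\\setup.exe", "md5", "113aaec1011cf6a0e1db11100b603d36"),
]
PROXY_LOG = """\
2024-06-29T12:00:01Z 10.0.0.15 GET http://www.example.com/index.html 200
2024-06-29T12:00:07Z 10.0.0.15 GET http://kukutrustnet777.info/home.gif 404
2024-06-29T12:00:09Z 10.0.0.22 GET http://89.119.67.154/testo5/ 200
2024-06-29T12:00:11Z 10.0.0.31 GET http://KUKUTRUSTNET888.INFO/other.gif 200
"""

if __name__ == "__main__":
    for path in match_hash_inventory(INVENTORY):
        print("hash match:", path)
    for ts, client, host in match_proxy_log(PROXY_LOG, c2_hosts(C2_URLS)):
        print("C2 contact:", ts, client, host)
```

A 404 from the C2 (the second constructed log line) is still a hit: the beacon attempt is the evidence, not the server's response.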
Targets
-
-
Target
e63d0241072b0c54aa33feca3c08b217e13a337e554aac2d579d15b60f1ecc50
-
Size
732KB
-
MD5
113aaec1011cf6a0e1db11100b603d36
-
SHA1
eb68cbe430ec0b1e3c07a81819f09dd84de31e4e
-
SHA256
e63d0241072b0c54aa33feca3c08b217e13a337e554aac2d579d15b60f1ecc50
-
SHA512
77c9ee398ba36e9b13270ffe467c72cc54a099e607a57672c80e9dfc1516ef3f11dc189b0f8faf7ce5751c18fdd1684e74b33503b2b0524ee205f65427746c43
-
SSDEEP
12288:RTyjXW+48qWywrU4kGFezOAVuJ5PIIww7F5DO3HYffJQC:VIXW/8yw1ez54lIeF5SXYHJ7
-
Modifies firewall policy service
-
Modifies visibility of file extensions in Explorer
-
Modifies visibility of hidden/system files in Explorer
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
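The Explorer, firewall-policy and Run-key signatures above are what a sandbox reports because it sees the values being modified during execution. Checking a live host for the same thing needs a baseline, because the attacker-favoured Explorer setting (HideFileExt=1) is also the Windows default and an absolute check would fire everywhere. The following is an added example, not part of the report: it parses two constructed reg.exe exports (a baseline and a post-infection snapshot) and fires each signature only on a change to the attacker-favoured value. The registry paths and value names are the conventional locations for these behaviours, an assumption of this example; the report itself names only the behaviours.

```python
"""Added example (not part of the sandbox report): evaluate the Explorer,
firewall-policy and Run-key signatures as a diff between two .reg exports."""
import re

_KEY = re.compile(r"^\[(.+)\]$")
_VAL = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')


def parse_reg(text):
    """Parse the subset of .reg syntax reg.exe exports: [key] headers,
    "name"=dword:XXXXXXXX and "name"="string". Keys and value names are
    lower-cased (the registry is case-insensitive); string values are kept
    as written, escapes are not decoded."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = _VAL.match(line)
        if m and current is not None:
            name, dword, string = m.groups()
            keys[current][name.lower()] = int(dword, 16) if dword is not None else string
    return keys


# Conventional locations (assumption of this example).
ADV = r"hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced"
FW = (r"hkey_local_machine\system\currentcontrolset\services\sharedaccess"
      r"\parameters\firewallpolicy\standardprofile")
RUN_KEYS = (r"hkey_current_user\software\microsoft\windows\currentversion\run",
            r"hkey_local_machine\software\microsoft\windows\currentversion\run")

# (signature, key, value name, attacker-favoured value)
SIGNATURES = [
    ("Modifies visibility of file extensions in Explorer", ADV, "hidefileext", 1),
    ("Modifies visibility of hidden/system files in Explorer", ADV, "hidden", 2),
    ("Modifies visibility of hidden/system files in Explorer", ADV, "showsuperhidden", 0),
    ("Modifies firewall policy service", FW, "enablefirewall", 0),
]


def _get(reg, key, name):
    return reg.get(key, {}).get(name)


def changed_signatures(baseline, snapshot):
    """Return the signature names that fire. A value signature fires only
    when the snapshot holds the attacker-favoured value and the baseline did
    not; the Run-key signature fires on any value name new since baseline."""
    fired = []
    for sig, key, name, bad in SIGNATURES:
        before, after = _get(baseline, key, name), _get(snapshot, key, name)
        if after == bad and before != bad and sig not in fired:
            fired.append(sig)
    for key in RUN_KEYS:
        if set(snapshot.get(key, {})) - set(baseline.get(key, {})):
            fired.append("Adds Run key to start application")
            break
    return fired


# Constructed exports for the example (an analyst box that shows hidden
# files and extensions, so the modifications are visible as a diff).
BASELINE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"ShowSuperHidden"=dword:00000001
"HideFileExt"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\analyst\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"""
INFECTED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
"HideFileExt"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\analyst\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"Updater"="C:\\Users\\analyst\\AppData\\Local\\Temp\\updater.exe"
"""

if __name__ == "__main__":
    for sig in changed_signatures(parse_reg(BASELINE_REG), parse_reg(INFECTED_REG)):
        print("fired:", sig)
```

On a real host the two exports come from `reg export` of the keys above taken at build time and at triage time; the diff approach also avoids flagging a user who simply prefers the default hidden-extension setting.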
-
MITRE ATT&CK Matrix (ATT&CK v13)
Counts in parentheses are the number of matching signatures.
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Modify Registry (8)
  Impair Defenses (4)
    Disable or Modify Tools (3)
    Disable or Modify System Firewall (1)
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)