General

Target: 0726bb3e17a3767a59c0cf84543f95189fbe46b3b3c209f0a126d82aebe13320
Size: 120KB
Sample: 240630-w2ymvasbne
MD5: 96a281d0811589bbfd15fffb6b24779c
SHA1: 2632489eb13cd8ba4e55b850ffa6cec6275ad2c5
SHA256: 0726bb3e17a3767a59c0cf84543f95189fbe46b3b3c209f0a126d82aebe13320
SHA512: 9380488aad0c507bc0197470674a5618b4a0d14f7dd2e214ab0162a7d22c56c300fab74ab3d840c49405eaf18bd65f416078c1bb1a22feb6ea513f769b3f9ed7
SSDEEP: 1536:kj8cBPBdFbMA0V8CVQ7H6qmEaskkSkwTBR3K4mR6ouqb2ouOLmelowvrD:Y0ViaqEscDTLLLouqCoaQz
Static task: static1
Behavioral task: behavioral1
Sample: 0726bb3e17a3767a59c0cf84543f95189fbe46b3b3c209f0a126d82aebe13320.dll
Resource: win7-20231129-en
Malware Config

Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets

Target: 0726bb3e17a3767a59c0cf84543f95189fbe46b3b3c209f0a126d82aebe13320
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)

Defense Evasion
- Modify Registry (5)
- Impair Defenses (4)
  - Disable or Modify Tools (3)
  - Disable or Modify System Firewall (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)