General
-
Target
8f1586eba6894a71207b8465541e5486ff38c70cb3ef04ec748aa7fce78bf94e
-
Size
65KB
-
Sample
240701-affn9atbmj
-
MD5
37bb1404357349a46631b9c7d9a6fde2
-
SHA1
0dfd6e77ab3430c94fe79e97a61093c85d0805d1
-
SHA256
8f1586eba6894a71207b8465541e5486ff38c70cb3ef04ec748aa7fce78bf94e
-
SHA512
2a213b3fbc41e4633b20b7787654df5b6b0e1ea0e248a3d63151686d7151aa43064959eadb3e05a20cf3d228409cdfc60ba967a098efd0ab7d26fc134102c07d
-
SSDEEP
1536:QA73qRaMo1QFFoeakdTVzlTsHOJVurAExJavcql6RfE3M:6R5oiFFZaUTVzdsEurXWJl6R/
Static task
static1
Behavioral task
behavioral1
Sample
8f1586eba6894a71207b8465541e5486ff38c70cb3ef04ec748aa7fce78bf94e.exe
Resource
win7-20240419-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
8f1586eba6894a71207b8465541e5486ff38c70cb3ef04ec748aa7fce78bf94e
-
Size
65KB
-
MD5
37bb1404357349a46631b9c7d9a6fde2
-
SHA1
0dfd6e77ab3430c94fe79e97a61093c85d0805d1
-
SHA256
8f1586eba6894a71207b8465541e5486ff38c70cb3ef04ec748aa7fce78bf94e
-
SHA512
2a213b3fbc41e4633b20b7787654df5b6b0e1ea0e248a3d63151686d7151aa43064959eadb3e05a20cf3d228409cdfc60ba967a098efd0ab7d26fc134102c07d
-
SSDEEP
1536:QA73qRaMo1QFFoeakdTVzlTsHOJVurAExJavcql6RfE3M:6R5oiFFZaUTVzdsEurXWJl6R/
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Impair Defenses
4Disable or Modify Tools
3Disable or Modify System Firewall
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1