General
Target: e991aa8b7a3b5a060d4680a36289dbe65ce47e755cd6c68e5ce5cf2b4041eae2
Size: 120KB
Sample: 240701-eqzmbsygrn
MD5: 3bec2c1a7153d7600b986c7ffd45610b
SHA1: 0f9c982ec305ae53c5caacf55607f4c2fb8ddb6c
SHA256: e991aa8b7a3b5a060d4680a36289dbe65ce47e755cd6c68e5ce5cf2b4041eae2
SHA512: 061a7648171a4aea7afb7f797582da1b59a0d2b62cc2fd51b9bf483c1350dae70df30fc4f002b368dabf89a2ef8ddcff728ba964ab60233bd16ce6c86ece700a
SSDEEP: 1536:Xosbjy+z0bCv//ly2F3FAPU3LreYK4qXc0qLnVhL4wJZGSiYExNbu:XhH3yc3LrzK4qXoLL4wJniR

Static task: static1
Behavioral task: behavioral1
Sample: e991aa8b7a3b5a060d4680a36289dbe65ce47e755cd6c68e5ce5cf2b4041eae2.dll
Resource: win7-20240508-en

Malware Config (extracted)
Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: e991aa8b7a3b5a060d4680a36289dbe65ce47e755cd6c68e5ce5cf2b4041eae2 (120KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures:
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
Defense Evasion
  Modify Registry (5)
  Impair Defenses (4)
    Disable or Modify Tools (3)
    Disable or Modify System Firewall (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)