General
- Target: 363ecffc5be8bafacf76d39495a34e285f9608479e46cc562ea0739cba4dc0c7
- Size: 6.3MB
- Sample: 240701-y768aaxfnc
- MD5: b0bd17e3c1447a1f1ad35fddc5007f26
- SHA1: 7ceb51392d32f113f07300c636112bc311330e38
- SHA256: 363ecffc5be8bafacf76d39495a34e285f9608479e46cc562ea0739cba4dc0c7
- SHA512: 707afbec914a32c6285db891f78ae47ded8d24befc72ca71b994b3fb2dce2e31efa002a3c24d904a526040a76c77cb19448e06694c2b54c4cefa206a7c5da95c
- SSDEEP: 196608:EYub1Ls+UIUwgT4Ot8DS2Dpcbw7lgssa4B:Tub1avPF8JYGlgsjI
Static task: static1
Behavioral task: behavioral1
- Sample: 363ecffc5be8bafacf76d39495a34e285f9608479e46cc562ea0739cba4dc0c7.exe
- Resource: win7-20240419-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 363ecffc5be8bafacf76d39495a34e285f9608479e46cc562ea0739cba4dc0c7
- Size: 6.3MB
- MD5: b0bd17e3c1447a1f1ad35fddc5007f26
- SHA1: 7ceb51392d32f113f07300c636112bc311330e38
- SHA256: 363ecffc5be8bafacf76d39495a34e285f9608479e46cc562ea0739cba4dc0c7
- SHA512: 707afbec914a32c6285db891f78ae47ded8d24befc72ca71b994b3fb2dce2e31efa002a3c24d904a526040a76c77cb19448e06694c2b54c4cefa206a7c5da95c
- SSDEEP: 196608:EYub1Ls+UIUwgT4Ot8DS2Dpcbw7lgssa4B:Tub1avPF8JYGlgsjI
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
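A small triage helper built from the indicators this report lists, as an added example (not part of the sandbox report or any vendor tooling): it matches proxy log lines against the extracted Sality C2 hosts, compares a digest against the sample's hashes, and flags Sysmon registry value-set events that zero a Windows Firewall profile's EnableFirewall value. The C2 URLs and hashes are copied from the report; the registry path is an assumption about what the "Modifies firewall policy service" signature refers to, and every proxy line and Sysmon event in the block is constructed for the demo.

```python
"""Triage helper built from the IOCs in the Sality report above.
Added example, not from the sandbox report or any vendor tooling. C2 URLs and
hashes are copied from the report; the firewall registry path is an assumption
and every log line / event below is constructed."""
import re
from urllib.parse import urlparse

# Extracted Sality config URLs, verbatim from the report.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
# Sample hashes, verbatim from the report.
SAMPLE_HASHES = {
    "md5": "b0bd17e3c1447a1f1ad35fddc5007f26",
    "sha1": "7ceb51392d32f113f07300c636112bc311330e38",
    "sha256": "363ecffc5be8bafacf76d39495a34e285f9608479e46cc562ea0739cba4dc0c7",
}
# Assumption: "Modifies firewall policy service" means writing EnableFirewall
# under a Windows Firewall profile key of the SharedAccess service.
FIREWALL_KEY_RE = re.compile(
    r"\\SharedAccess\\Parameters\\FirewallPolicy\\(Standard|Domain|Public)Profile"
    r"\\EnableFirewall$", re.IGNORECASE)

def c2_hosts(urls=C2_URLS):
    """Hostnames and IPs appearing in the C2 URLs, lower-cased."""
    return {urlparse(u).hostname.lower() for u in urls}

def _ioc_for(host, hosts):
    """IOC host that `host` equals or is a subdomain of, else None."""
    for h in hosts:
        if host == h or host.endswith("." + h):
            return h
    return None

def match_proxy_log(lines, hosts=None):
    """(line_no, ioc_host) for proxy lines whose URL hits a C2 host.
    Constructed line format: '<ts> <client_ip> <method> <url> <status>'."""
    hosts = hosts if hosts is not None else c2_hosts()
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue
        host = urlparse(parts[3]).hostname
        ioc = _ioc_for(host.lower(), hosts) if host else None
        if ioc:
            hits.append((n, ioc))
    return hits

def hash_matches(digest):
    """Algorithms whose report hash equals `digest` (case-insensitive)."""
    d = digest.strip().lower()
    return [algo for algo, h in SAMPLE_HASHES.items() if h == d]

def _dword_value(details):
    """Parse Sysmon's 'DWORD (0x00000000)' Details rendering; None if not a DWORD."""
    m = re.search(r"DWORD \(0x([0-9a-f]+)\)", details, re.IGNORECASE)
    return int(m.group(1), 16) if m else None

def detect_firewall_disable(events):
    """Image paths of Sysmon EventID 13 (value set) events that zero EnableFirewall."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        if not FIREWALL_KEY_RE.search(ev.get("TargetObject", "")):
            continue
        if _dword_value(ev.get("Details", "")) == 0:
            hits.append(ev.get("Image"))
    return hits

# Constructed proxy log: line 1 benign, lines 2-4 reach C2 hosts (3 via a subdomain).
PROXY_LOG = [
    "2024-07-01T10:00:01Z 10.0.0.5 GET http://example.com/index.html 200",
    "2024-07-01T10:00:07Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif 404",
    "2024-07-01T10:00:09Z 10.0.0.5 GET http://cdn.kukutrustnet888.info/home.gif 200",
    "2024-07-01T10:00:12Z 10.0.0.5 POST http://89.119.67.154/testo5/ 200",
]
# Constructed Sysmon events: the sample zeroes EnableFirewall, svchost sets it to 1.
SAMPLE_EXE = r"C:\Users\user\Desktop\363ecffc5be8bafacf76d39495a34e285f9608479e46cc562ea0739cba4dc0c7.exe"
FW_KEY = (r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters"
          r"\FirewallPolicy\StandardProfile\EnableFirewall")
SYSMON_EVENTS = [
    {"EventID": 13, "Image": SAMPLE_EXE, "TargetObject": FW_KEY, "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe", "TargetObject": FW_KEY,
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": SAMPLE_EXE, "CommandLine": SAMPLE_EXE},
]

if __name__ == "__main__":
    print("proxy hits:", match_proxy_log(PROXY_LOG))
    print("firewall disabled by:", detect_firewall_disable(SYSMON_EVENTS))
    print("hash match:", hash_matches("B0BD17E3C1447A1F1AD35FDDC5007F26"))
```

Host matching is done on the parsed hostname (exact match or subdomain of an IOC host) rather than on the full URL, because the paths in the config (`/testo5/`, `/home.gif`) are trivially changed while the hosts are what the sandbox actually observed. Sysmon does not record registry reads, so the Uninstall-key enumeration signature has no equivalent check here; it needs object-access auditing (Security event 4663) or a sandbox trace to observe.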