General
-
Target
a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541
-
Size
206KB
-
Sample
220605-snyh5sgacj
-
MD5
fb004cbf4dc92676367d9cf6a28ecc71
-
SHA1
4bff625571dbc7b695b49fa94556ab0d130519aa
-
SHA256
a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541
-
SHA512
9c6102e0cee339d1a0b4baee80786459a22486f3fa029c1ff9e8f0a8f165d36aee0f8489435545fba9b68162683d63764d812c40d7bc1ab4ded64efad7fafefd
Static task
static1
Behavioral task
behavioral1
Sample
a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe
Resource
win7-20220414-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541
-
Size
206KB
-
MD5
fb004cbf4dc92676367d9cf6a28ecc71
-
SHA1
4bff625571dbc7b695b49fa94556ab0d130519aa
-
SHA256
a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541
-
SHA512
9c6102e0cee339d1a0b4baee80786459a22486f3fa029c1ff9e8f0a8f165d36aee0f8489435545fba9b68162683d63764d812c40d7bc1ab4ded64efad7fafefd
-
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
-
suricata: ET MALWARE Sality - Fake Opera User-Agent
-
Contacts a large number (845) of remote hosts
This may indicate a network scan to discover remotely running services (Sality's peer-to-peer propagation also produces this pattern).
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
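The extracted config and the network/host signatures above give a hunting team three concrete checks: outbound requests to the four configured C2 URLs (and their hosts), hashes of files that match this sample, and the policy values Sality sets to lock out RegEdit and Task Manager. The script below is an added example and is not part of the sandbox report; the proxy log format (`<src> <METHOD> <url>`) and the `reg query` dump it parses are constructed for illustration, and the value names `DisableRegistryTools` / `DisableTaskMgr` under `Policies\System` are the standard Windows policy values, which the report does not name explicitly.

```python
"""Offline triage helpers for the Sality sample in the report above.
Added example, not the sandbox's code. Log lines and registry dump are constructed."""
import re
from urllib.parse import urlparse

# Indicators copied from the report (hash section and extracted config).
SAMPLE_HASHES = {
    "md5": "fb004cbf4dc92676367d9cf6a28ecc71",
    "sha1": "4bff625571dbc7b695b49fa94556ab0d130519aa",
    "sha256": "a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541",
    "sha512": "9c6102e0cee339d1a0b4baee80786459a22486f3fa029c1ff9e8f0a8f165d36a"
              "ee0f8489435545fba9b68162683d63764d812c40d7bc1ab4ded64efad7fafefd",
}
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
# Match on host as well as exact URL: the path may differ between campaigns.
C2_HOSTS = {urlparse(u).hostname.lower() for u in C2_URLS}

# Assumed proxy log format: "<client> <METHOD> <url>" (constructed for this example).
LOG_RE = re.compile(r"^(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s*$")


def match_log_line(line):
    """Return a hit dict if the request targets a configured C2 host, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host = (urlparse(m["url"]).hostname or "").lower()
    if host not in C2_HOSTS:
        return None
    return {"src": m["src"], "host": host, "url": m["url"],
            "exact_c2_url": m["url"] in C2_URLS}


def scan_log(lines):
    """Run match_log_line over a log and keep only the hits."""
    return [hit for hit in (match_log_line(ln) for ln in lines) if hit]


ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def lookup_hash(digest):
    """Pick the algorithm from the digest length and compare (case/whitespace tolerant).
    Returns (algorithm or None, matches_sample)."""
    d = digest.strip().lower()
    algo = ALGO_BY_LEN.get(len(d))
    if algo is None or not re.fullmatch(r"[0-9a-f]+", d):
        return (None, False)
    return (algo, SAMPLE_HASHES[algo] == d)


# Standard Windows policy values behind "Disables RegEdit" / "Disables Task Manager"
# (assumption: the report does not list the value names). They live under
# ...\Windows\CurrentVersion\Policies\System in HKCU or HKLM.
REG_LINE_RE = re.compile(
    r"^\s*(DisableRegistryTools|DisableTaskMgr)\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$", re.M)


def policy_lockouts(reg_query_output):
    """Parse `reg query` text and return {value_name: int} for lockout values set non-zero."""
    found = {name: int(hexval, 16) for name, hexval in REG_LINE_RE.findall(reg_query_output)}
    return {k: v for k, v in found.items() if v != 0}


# Constructed sample input (not real traffic or a real host).
CONSTRUCTED_LOG = [
    "10.0.0.5 GET http://kukutrustnet777.info/home.gif",
    "10.0.0.5 GET http://89.119.67.154/testo5/",
    "10.0.0.5 GET http://KUKUTRUSTNET888.INFO/other.gif",
    "10.0.0.9 GET http://example.com/index.html",
    "garbage line that does not parse",
]
CONSTRUCTED_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableRegistryTools    REG_DWORD    0x1
    DisableTaskMgr    REG_DWORD    0x1
    NoDispCPL    REG_DWORD    0x0
"""

if __name__ == "__main__":
    for hit in scan_log(CONSTRUCTED_LOG):
        print("C2 contact:", hit)
    print("hash check:", lookup_hash("FB004CBF4DC92676367D9CF6A28ECC71"))
    print("policy lockouts:", policy_lockouts(CONSTRUCTED_REG_QUERY))
```

Host-level matching deliberately flags the third constructed line even though its path is not in the config; `exact_c2_url` lets an analyst separate confirmed beacons from same-host traffic that needs a second look. The hash lookup accepts any of the four digest lengths so a single function can be fed whatever an EDR or mail gateway happens to log.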