General
-
Target
c9c7efe6c2ae1d8d6398cd119782b3803ed5df73dca93a670d6fb15c47da666a
-
Size
683KB
-
Sample
220605-sp4fsagacn
-
MD5
2f04783066fe1bddd5de68d2c2afcb86
-
SHA1
976188f5afe54bec9ff0ef94e0283a4b51d833d3
-
SHA256
c9c7efe6c2ae1d8d6398cd119782b3803ed5df73dca93a670d6fb15c47da666a
-
SHA512
5bf47bacd498ba9110d33548651b87ed060286183677c219ce9c48c9958516190c166806a4dee0395c13a4bfe4043c163537b93414a0764817ce736acf395829
Static task
static1
Behavioral task
behavioral1
Sample
c9c7efe6c2ae1d8d6398cd119782b3803ed5df73dca93a670d6fb15c47da666a.exe
Resource
win7-20220414-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
c9c7efe6c2ae1d8d6398cd119782b3803ed5df73dca93a670d6fb15c47da666a
-
Size
683KB
-
MD5
2f04783066fe1bddd5de68d2c2afcb86
-
SHA1
976188f5afe54bec9ff0ef94e0283a4b51d833d3
-
SHA256
c9c7efe6c2ae1d8d6398cd119782b3803ed5df73dca93a670d6fb15c47da666a
-
SHA512
5bf47bacd498ba9110d33548651b87ed060286183677c219ce9c48c9958516190c166806a4dee0395c13a4bfe4043c163537b93414a0764817ce736acf395829
-
Modifies firewall policy service
-
suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
-
suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
-
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
-
suricata: ET MALWARE W32/Sality Executable Pack Digital Signature ASCII Marker
suricata: ET MALWARE W32/Sality Executable Pack Digital Signature ASCII Marker
-
suricata: ET MALWARE Wapack Labs Sinkhole DNS Reply
suricata: ET MALWARE Wapack Labs Sinkhole DNS Reply
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-