General
-
Target
bcd9a2bb7a1c01b15e6b6239e35281f3d8baa1aef3e8d83aebe6e13b4660842a
-
Size
879KB
-
Sample
220701-dq4qlsbed8
-
MD5
a7dc30dacf2eeedb3b4a90813e910dc6
-
SHA1
8f114ae2772ad9c5706efff24ca555274d4181f1
-
SHA256
bcd9a2bb7a1c01b15e6b6239e35281f3d8baa1aef3e8d83aebe6e13b4660842a
-
SHA512
ec45df481a6c99236052e3df3477d65a1ddf424fd5becaf5be8538a639a149e22a979c8ea3414eb58b79ad9df5a36087a7e37772b6807824aa44463b4944c1d8
Static task
static1
Behavioral task
behavioral1
Sample
bcd9a2bb7a1c01b15e6b6239e35281f3d8baa1aef3e8d83aebe6e13b4660842a.exe
Resource
win7-20220414-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
bcd9a2bb7a1c01b15e6b6239e35281f3d8baa1aef3e8d83aebe6e13b4660842a
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-