General
-
Target
virussign.com_e0f6d160403a4a4f8f0f4fd95b0195e0
-
Size
150KB
-
Sample
220713-rt7hkaadd3
-
MD5
e0f6d160403a4a4f8f0f4fd95b0195e0
-
SHA1
6cc9d372efe50fd1902bdd0402473787d2de6494
-
SHA256
5b318d19d32ab37e37711ec351a00c952edfea259a367ccad3817039c0a50ce2
-
SHA512
bf38dca261baade73a2689802ffc24e41bb5e71307d3aa616ef2fb025bf77c926b5aa0fd9eead81a0b32905636e918c90b9889d342f369470a8229ff2caa1393
Static task
static1
Behavioral task
behavioral1
Sample
virussign.exe
Resource
win7-20220414-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Target
virussign.com_e0f6d160403a4a4f8f0f4fd95b0195e0
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-