General
Target: virussign.com_e60ddc34bde1a87061dd29b5b4479890
Size: 597KB
Sample: 220715-v5jseseccp
MD5: e60ddc34bde1a87061dd29b5b4479890
SHA1: ac7e92f99be934dcb0ebe4f611ecc8b7984eed8d
SHA256: f84cd8ad47e1d607b9965b2505adf658a9ec61142cc51ef37cd703b1ad0eadab
SHA512: a1f64c5246b49b5c0c8ec47fa14de9962f85640ab29f0f1de6f19799b01f15e0b0699b11d0837e89833a10760897fbe8b44ea2d03bfaebd03f95fcde226a36a3
Static task: static1
Behavioral task: behavioral1
Sample: virussign.exe
Resource: win7-20220414-en
Malware Config
Extracted
sality
Targets
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Registers COM server for autorun
- Sets file execution options in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory