General
- Target: virussign.com_981c8a2357a000371a465746daf3a340
- Size: 120KB
- Sample: 220716-jtxdlaaba9
- MD5: 981c8a2357a000371a465746daf3a340
- SHA1: ed2872a3df64db6859d15ec30382156aa203015f
- SHA256: 449463aa2edcc35b3f5db7cbae40b09aac5ec12ee65d1c0f89c8628b5bd868e1
- SHA512: 434b7c87cbf9b62bdd0f7f942fda10c74ce9c62eb5d64fd3847958749d2ac94670737205212ccfc3f86d018d879916177072bbf03f51170fa9d0bd5209e1bded
Static task
static1
Behavioral task
behavioral1
Sample
virussign.dll
Resource
win7-20220414-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
- Target: virussign.com_981c8a2357a000371a465746daf3a340
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.