General
-
Target
bootsvc.exe
-
Size
81KB
-
Sample
220716-sgrf9addbn
-
MD5
70bff3f4d233bacd4970bdcc2d9c1922
-
SHA1
1c12235447ded3e5909da1a54286ccc7e044eff7
-
SHA256
22c96890feb3ba58ca20a314d560e38f419f2eb2629b3c039b32815ec9539916
-
SHA512
34fb1bd76d2dea6cfb702662d30db5b3695659b7dcce65fd745cdc3f3c5298a8d1c6cf49ac582d8e38e1fce4ef01c924d3da2b97a10ee6e6d7ea9af0d650d032
Static task
static1
Behavioral task
behavioral1
Sample
bootsvc.exe
Resource
win7-20220414-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
bootsvc.exe
-
Size
81KB
-
MD5
70bff3f4d233bacd4970bdcc2d9c1922
-
SHA1
1c12235447ded3e5909da1a54286ccc7e044eff7
-
SHA256
22c96890feb3ba58ca20a314d560e38f419f2eb2629b3c039b32815ec9539916
-
SHA512
34fb1bd76d2dea6cfb702662d30db5b3695659b7dcce65fd745cdc3f3c5298a8d1c6cf49ac582d8e38e1fce4ef01c924d3da2b97a10ee6e6d7ea9af0d650d032
-
Modifies firewall policy service
-
suricata: ET MALWARE Cobalt Strike Beacon Observed
suricata: ET MALWARE Cobalt Strike Beacon Observed
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-