General
-
Target
53fcd7145bfb3737dc67bff3f7fe79997471c8171328dd10323da5fdb100d2eb
-
Size
478KB
-
Sample
220725-zkkansebf3
-
MD5
27b5a2ae4b7829e5c4a6be8c05f0af66
-
SHA1
f0a03d7f0aff41e5458436f0241c8a1e59002e76
-
SHA256
53fcd7145bfb3737dc67bff3f7fe79997471c8171328dd10323da5fdb100d2eb
-
SHA512
7d2b5a3731f3e38118bc1d25354782e79913e79408439a74d121bef546ab21e60330d9cf73a083bdcf19d20327d5ace3b3261fbb97acbb0318556050b4d917a8
Static task
static1
Behavioral task
behavioral1
Sample
53fcd7145bfb3737dc67bff3f7fe79997471c8171328dd10323da5fdb100d2eb.exe
Resource
win7-20220718-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Extracted
lokibot
http://mclhk-net.com/hiswounds/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
53fcd7145bfb3737dc67bff3f7fe79997471c8171328dd10323da5fdb100d2eb
-
Size
478KB
-
MD5
27b5a2ae4b7829e5c4a6be8c05f0af66
-
SHA1
f0a03d7f0aff41e5458436f0241c8a1e59002e76
-
SHA256
53fcd7145bfb3737dc67bff3f7fe79997471c8171328dd10323da5fdb100d2eb
-
SHA512
7d2b5a3731f3e38118bc1d25354782e79913e79408439a74d121bef546ab21e60330d9cf73a083bdcf19d20327d5ace3b3261fbb97acbb0318556050b4d917a8
-
Modifies firewall policy service
-
Accesses Microsoft Outlook profiles
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-