General
Target: svchost.exe
Size: 164KB
Sample: 220823-raznlsgba9
MD5: 6b8a2e6c75a58550d3b7d4b09d3604e1
SHA1: af6668c93f497694e5ed6d7ea59445f60cde31a0
SHA256: 11df6b403ee5a2e308eff2382fe7ec896a087d14bbee47ed8a02c0a4d940bccf
SHA512: f94eb324d0f794db13aeaed0136908e4a02a4dc34ffc2bdb6f84365ac0038e02b254e1cf61b933562ec60f245080d0c7a9bafad2869e7b23c6671e6b1e4e9303
SSDEEP: 3072:aT2xNfzEmPUac0yCRS9EK0TLmmIhIsY33Trsl1RGS6KSIH6hUNYZFF:OkPpe0mmIt+3crcrh8Mn
Static task: static1
Behavioral task: behavioral1
Sample: svchost.exe
Resource: win7-20220812-en
Malware Config
Extracted
sality
Targets
Modifies WinLogon for persistence
Modifies firewall policy service
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory