General
-
Target
36ef019e36c07eb2c3bb4c45dabecc750569dcb17d1f7f5867133018ba319c51
-
Size
948KB
-
Sample
221029-vpfe3agcel
-
MD5
8502657b096736c8702537c8aade74b0
-
SHA1
43a833012e407d2c0c25464e0b7a276d80fd9103
-
SHA256
36ef019e36c07eb2c3bb4c45dabecc750569dcb17d1f7f5867133018ba319c51
-
SHA512
06b80fa0773d33166753598069eeb9c8396e107600b3eba443c5c2024eed1f8e666950098479721925d7b5fef39e275860624cb93f220ef77b0ba19fc0a975be
-
SSDEEP
24576:785kQiVhqMOGPksJwaj1Frn6GgHH/VLGLtT+iqKDbg1:IBANwS1hAHf4TDqK/g1
Static task
static1
Behavioral task
behavioral1
Sample
36ef019e36c07eb2c3bb4c45dabecc750569dcb17d1f7f5867133018ba319c51.exe
Resource
win7-20220812-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
36ef019e36c07eb2c3bb4c45dabecc750569dcb17d1f7f5867133018ba319c51
-
Size
948KB
-
MD5
8502657b096736c8702537c8aade74b0
-
SHA1
43a833012e407d2c0c25464e0b7a276d80fd9103
-
SHA256
36ef019e36c07eb2c3bb4c45dabecc750569dcb17d1f7f5867133018ba319c51
-
SHA512
06b80fa0773d33166753598069eeb9c8396e107600b3eba443c5c2024eed1f8e666950098479721925d7b5fef39e275860624cb93f220ef77b0ba19fc0a975be
-
SSDEEP
24576:785kQiVhqMOGPksJwaj1Frn6GgHH/VLGLtT+iqKDbg1:IBANwS1hAHf4TDqK/g1
-
Modifies firewall policy service
-
Modifies system executable filetype association
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Registers COM server for autorun
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Modify Existing Service
1Change Default File Association
1Registry Run Keys / Startup Folder
3Browser Extensions
1Bootkit
1Defense Evasion
Modify Registry
10Bypass User Account Control
1Disabling Security Tools
3