General
-
Target
85dd5f123e48e7332f662acf1aad74513b359ae95c021b99127121a2d2fc9a4b
-
Size
460KB
-
Sample
221123-xmz3ssfe28
-
MD5
42ca7c07506ef576fb4132d96fbbd738
-
SHA1
4ae52958e3942e7e43e72e4d4bc3c4b724ad0055
-
SHA256
85dd5f123e48e7332f662acf1aad74513b359ae95c021b99127121a2d2fc9a4b
-
SHA512
a35b1837dc546869701da13c29b5722a3312ae89fa1fda23b87e1cf826f7cd53c132f00812944741806f6edf603146b0f66b1bfc7cbb7a05d0584d9f8beeb182
-
SSDEEP
12288:Ha2AW4g1y8JB4IJwHfO1Kho8r13L5g1z0myS43XNt2oSgBwr0hP:6dWL4IJr2hb5g1z2S43XNt9iWP
Behavioral task
behavioral1
Sample
85dd5f123e48e7332f662acf1aad74513b359ae95c021b99127121a2d2fc9a4b.exe
Resource
win7-20220812-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
85dd5f123e48e7332f662acf1aad74513b359ae95c021b99127121a2d2fc9a4b
-
Size
460KB
-
MD5
42ca7c07506ef576fb4132d96fbbd738
-
SHA1
4ae52958e3942e7e43e72e4d4bc3c4b724ad0055
-
SHA256
85dd5f123e48e7332f662acf1aad74513b359ae95c021b99127121a2d2fc9a4b
-
SHA512
a35b1837dc546869701da13c29b5722a3312ae89fa1fda23b87e1cf826f7cd53c132f00812944741806f6edf603146b0f66b1bfc7cbb7a05d0584d9f8beeb182
-
SSDEEP
12288:Ha2AW4g1y8JB4IJwHfO1Kho8r13L5g1z0myS43XNt2oSgBwr0hP:6dWL4IJr2hb5g1z2S43XNt9iWP
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-