General
Target: d7999a3e9af0b9c230f38adebb5fc300.exe
Size: 564KB
Sample: 231206-zy79nahah2
MD5: d7999a3e9af0b9c230f38adebb5fc300
SHA1: 6072f81e32d11f65a32b13540dbee2dd4e60a987
SHA256: d73379fab1de9711c9ddfeaeb92b2b9aeca4aefda67d950483bb6ec5ff00e446
SHA512: 9e842a564d12df7915d62638f27a8619a549131a0a7990ec453de04762b559daec9e86427319d554168ae0075ef5a77795f41308dec727f7a136fdfef634e648
SSDEEP: 12288:tehnaNPpSVZmNxRCwnwm3W3OHIIf5m9RhWFVJ:teh0PpS6NxNnwYeOHXAhWTJ
Static task: static1
Behavioral task: behavioral1
Sample: d7999a3e9af0b9c230f38adebb5fc300.dll
Resource: win7-20231023-en
Malware Config
Extracted
sality
Targets
Modifies WinLogon for persistence
Modifies firewall policy service
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)