General
Target: a78528b46decd7d7b4c0810f143f0723.exe
Size: 100KB
Sample: 240107-ycgzxadfc8
MD5: a78528b46decd7d7b4c0810f143f0723
SHA1: 2ed1a020337e78be651b6fcdf636a87602bce38b
SHA256: 26a79b5f57610c2a22793d610525d9bf58fdf2dcd17aec78d4fae4cca84714a8
SHA512: 28c044c4c4ab9d4383e98d44538c37551f6c0d1bebcda8f60464d20c304805dde9c84ce3887b1044c2e9a3177d2f294f2a28cc2334411841576e8ca3569f07f9
SSDEEP: 3072:N0xpIcep+Wj6jgRuqaHusBrq/W490vrNxv/rS1ZnUeK:pcGz9KrqO/Z8I3
Static task: static1
Behavioral task: behavioral1
Sample: a78528b46decd7d7b4c0810f143f0723.exe
Resource: win7-20231215-en
Malware Config
Extracted family: sality
URLs recovered from the sample's configuration:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
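The URLs above are the network indicators a responder would actually hunt on. The following added example (not part of the sandbox report) reduces them to hostnames and IPs and matches them against proxy log lines; the log lines and the squid-style field layout are constructed for illustration.

```python
"""Hunt for the Sality network indicators from this report in proxy logs.

Added example, not part of the sandbox report. The log lines below are
constructed for illustration; the indicators are the URLs the sandbox
extracted from the sample's configuration.
"""
from urllib.parse import urlparse

# Indicators copied from the report's "Malware Config" section.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def indicator_hosts(urls):
    """Reduce URLs to the set of hostnames/IPs worth matching on.

    Matching on the host rather than the full URL also catches other
    paths on the same infrastructure; a leading 'www.' is stripped so
    klkjwre9fqwieluoi.info matches with or without it."""
    hosts = set()
    for u in urls:
        host = urlparse(u).hostname
        if host is None:
            continue
        host = host.lower()
        if host.startswith("www."):
            host = host[4:]
        hosts.add(host)
    return hosts


def host_matches(host, indicators):
    """True if host equals an indicator or is a subdomain of one."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return any(host == i or host.endswith("." + i) for i in indicators)


def scan_proxy_log(lines, indicators):
    """Return (line_number, matched_host) for each line contacting an indicator.

    Assumes a squid-like access log where the request URL is the 7th
    whitespace-separated field (a constructed layout for this example)."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 7:
            continue
        host = urlparse(fields[6]).hostname
        if host and host_matches(host, indicators):
            hits.append((n, host))
    return hits


# Constructed sample log: two contacts with report indicators, one benign.
SAMPLE_LOG = [
    "1704628801.123 245 10.0.0.15 TCP_MISS/200 1460 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.10 image/gif",
    "1704628802.456 11 10.0.0.15 TCP_MISS/200 512 GET http://www.example.com/ - HIER_DIRECT/203.0.113.20 text/html",
    "1704628803.789 300 10.0.0.22 TCP_MISS/404 300 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
]

if __name__ == "__main__":
    for lineno, host in scan_proxy_log(SAMPLE_LOG, indicator_hosts(SALITY_URLS)):
        print(f"line {lineno}: contact with Sality host {host}")
```

Matching on host (including subdomains) rather than the exact URL is deliberate: Sality's downloader URLs change path frequently, and the domains and IP are the stable part.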
Targets
Target: a78528b46decd7d7b4c0810f143f0723.exe (100KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
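The drive enumeration and autorun.inf signatures above describe the sample's removable-media spreading. The following added example (not part of the sandbox report) shows the check a responder would run across volume roots: parse each autorun.inf for the keys that cause execution and flag those pointing at an executable. It builds a throwaway directory tree standing in for mounted volumes, and the dropped file name is constructed, not taken from the report.

```python
"""Scan volume roots for autorun.inf files that launch an executable.

Added example, not part of the sandbox report. It builds a temporary
directory tree standing in for mounted volumes (constructed data) so it
runs offline; on a live host you would pass the real drive roots.
"""
import os
import tempfile

EXEC_EXTENSIONS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")


def parse_autorun(text):
    """Return {key: value} for the launch-related keys in an [autorun] section.

    Keys that cause execution when Windows honours autorun: open,
    shellexecute, and shell\\<verb>\\command. Other sections and keys are
    ignored, and junk lines (which droppers often insert) are skipped."""
    launches = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            launches[key] = value
    return launches


def launch_target(value):
    """Extract the program a launch value would run (handles quoted paths)."""
    v = value.strip()
    if v.startswith('"'):
        end = v.find('"', 1)
        return v[1:end] if end > 0 else v[1:]
    return v.split()[0] if v else ""


def references_executable(value):
    """True if the launch value names something with an executable extension."""
    return launch_target(value).lower().endswith(EXEC_EXTENSIONS)


def scan_roots(roots):
    """Check each volume root for autorun.inf; return (root, key, value) findings."""
    findings = []
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if not os.path.isfile(path):
            continue
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            launches = parse_autorun(fh.read())
        for key, value in launches.items():
            if references_executable(value):
                findings.append((root, key, value))
    return findings


# Constructed sample in the style of an autorun.inf dropped on a removable
# drive; the file name xjhbze.exe is illustrative, not from the report.
SAMPLE_AUTORUN = """[autorun]
;junk line that a lazy parser would trip over
open=xjhbze.exe
shell\\open\\Command=xjhbze.exe
shell\\explore\\command=xjhbze.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""


def demo():
    """Build one infected and one clean fake volume and scan both."""
    with tempfile.TemporaryDirectory() as infected, tempfile.TemporaryDirectory() as clean:
        with open(os.path.join(infected, "autorun.inf"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_AUTORUN)
        return scan_roots([infected, clean])


if __name__ == "__main__":
    for root, key, value in demo():
        print(f"{root}: autorun.inf {key}={value}")
```

The icon= key is deliberately ignored: it is legitimate on many drives and does not execute anything, so including it would only add noise.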
MITRE ATT&CK Enterprise v15 (number in parentheses is the report's per-technique hit count)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
- Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (3): Disable or Modify Tools, T1562.001 (3)
- Modify Registry, T1112 (5)