Overview
Analysis tabs (score out of 10, as shown on each tab):
- Overview: 10
- Static: 3
- a03afce8a0...c9.exe (windows7-x64): 10
- a03afce8a0...c9.exe (windows10-2004-x64): 10
- $PLUGINSDI...LL.dll (windows7-x64): 3
- $PLUGINSDI...LL.dll (windows10-2004-x64): 3
- $PLUGINSDI...LL.dll (windows7-x64): 3
- $PLUGINSDI...LL.dll (windows10-2004-x64): 3
- $PLUGINSDI...up.exe (windows7-x64): 4
- $PLUGINSDI...up.exe (windows10-2004-x64): 4
- $PLUGINSDI...em.dll (windows7-x64): 3
- $PLUGINSDI...em.dll (windows10-2004-x64): 3
- $PLUGINSDI...gs.dll (windows7-x64): 3
- $PLUGINSDI...gs.dll (windows10-2004-x64): 3
- $PLUGINSDI...st.dll (windows7-x64): 3
- $PLUGINSDI...st.dll (windows10-2004-x64): 3
- $PLUGINSDI...mp.dll (windows7-x64): 3
- $PLUGINSDI...mp.dll (windows10-2004-x64): 3
General
- Target: a03afce8a00ddd4b5d8c9d05403363c9
- Size: 429KB
- Sample: 240216-nascrahe31
- MD5: a03afce8a00ddd4b5d8c9d05403363c9
- SHA1: d34612340ce214e0633a58c3e5c54727e98e94f2
- SHA256: 57e1bc5c9e6dba152c14cb933ba2a05c25703ac35b902cc260de61e8e1d70909
- SHA512: 1fecd50d5c4f32a6d3329c552ddb267f23ca7072c9a14d4c0746cf258720bbd8d82c25df0f6ff90b56d6a9d77a35364a711702980de11411f8f9626e7dbca582
- SSDEEP: 6144:YmEI6sSIRRepQN1EzwmlBR9r99yj51txISHQxx3U+s36xSYTbx/9lxH:YmE/sSILeQ/Kj9KWSwx3jo6wYzPH
Static task
- static1
Behavioral tasks (sample, resource image)
- behavioral1: a03afce8a00ddd4b5d8c9d05403363c9.exe, win7-20231129-en
- behavioral2: a03afce8a00ddd4b5d8c9d05403363c9.exe, win10v2004-20231215-en
- behavioral3: $PLUGINSDIR/KillProcDLL.dll, win7-20231215-en
- behavioral4: $PLUGINSDIR/KillProcDLL.dll, win10v2004-20231215-en
- behavioral5: $PLUGINSDIR/LangDLL.dll, win7-20231215-en
- behavioral6: $PLUGINSDIR/LangDLL.dll, win10v2004-20231215-en
- behavioral7: $PLUGINSDIR/RrimoRedist/pxsetup.exe, win7-20231215-en
- behavioral8: $PLUGINSDIR/RrimoRedist/pxsetup.exe, win10v2004-20231215-en
- behavioral9: $PLUGINSDIR/System.dll, win7-20231215-en
- behavioral10: $PLUGINSDIR/System.dll, win10v2004-20231222-en
- behavioral11: $PLUGINSDIR/nsDialogs.dll, win7-20231129-en
- behavioral12: $PLUGINSDIR/nsDialogs.dll, win10v2004-20231215-en
- behavioral13: $PLUGINSDIR/nsis_chklist.dll, win7-20231129-en
- behavioral14: $PLUGINSDIR/nsis_chklist.dll, win10v2004-20231222-en
- behavioral15: $PLUGINSDIR/nsis_winamp.dll, win7-20231215-en
- behavioral16: $PLUGINSDIR/nsis_winamp.dll, win10v2004-20231215-en
Malware Config
Extracted family: sality
URLs from the extracted configuration:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
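To turn the extracted configuration into something a SOC can act on, here is an added example (not part of the sandbox report) that matches the six URLs above against web-proxy log lines. The log format is a constructed, simplified one (timestamp, client IP, method, URL) and the sample lines are made up; matching is done on the hostname or IP rather than the full URL so the same infrastructure is caught when the path differs.

```python
"""Match web-proxy log lines against the Sality URLs extracted from the sample.

Added example, not part of the sandbox report.  The log format is a
constructed, simplified one (timestamp, client IP, method, URL); adapt
the field split for real Squid/Zeek/firewall logs.
"""
from urllib.parse import urlparse

# URLs copied verbatim from the "Malware Config / Extracted" section above.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]

# Constructed sample log (assumption: space-separated "ts client method url").
SAMPLE_LOG = """\
2024-02-16T10:00:01Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif
2024-02-16T10:00:02Z 10.0.0.5 GET http://89.119.67.154/testo5/
2024-02-16T10:00:03Z 10.0.0.7 GET http://www.example.com/index.html
2024-02-16T10:00:04Z 10.0.0.9 GET http://www.klkjwre9fqwieluoi.info/
2024-02-16T10:00:05Z 10.0.0.5 CONNECT kukutrustnet888.info:80
"""


def ioc_hosts(urls):
    """Lower-cased hostnames (IPs included) taken from the IOC URLs.

    Matching on the host rather than the full URL catches the same
    infrastructure being used with a different path or query string.
    """
    hosts = set()
    for url in urls:
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def candidate_names(host):
    """Yield the host and its parent domains down to the registrable name,
    so that www.kukutrustnet777.info also matches kukutrustnet777.info.
    A dotted IP is yielded as-is: its "parents" are not meaningful."""
    if host.replace(".", "").isdigit():
        yield host
        return
    labels = host.split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def match_line(line, hosts):
    """Return (client, matched_host, url) when the line's URL hits an IOC host."""
    parts = line.split()
    if len(parts) < 4:
        return None  # malformed or truncated line; skip rather than crash
    client, url = parts[1], parts[3]
    # CONNECT lines carry "host:port" without a scheme; give urlparse one.
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    for name in candidate_names(host):
        if name in hosts:
            return (client, name, url)
    return None


def scan(log_text, urls=SALITY_C2_URLS):
    """All IOC hits in a log blob, in order of appearance."""
    hosts = ioc_hosts(urls)
    return [hit for hit in (match_line(l, hosts) for l in log_text.splitlines()) if hit]


def infected_clients(log_text, urls=SALITY_C2_URLS):
    """Sorted, de-duplicated client IPs that contacted Sality infrastructure."""
    return sorted({client for client, _, _ in scan(log_text, urls)})


if __name__ == "__main__":
    for client, host, url in scan(SAMPLE_LOG):
        print(f"{client} -> {host}  ({url})")
    print("clients to triage:", infected_clients(SAMPLE_LOG))
```

Host-level matching is deliberately broader than the exact URLs: Sality configurations rotate paths and add domains over time, so the domain and the IP are the durable indicators. The IP entry (89.119.67.154) should be treated with a time bound, since addresses get reassigned long after a sample is collected.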
Targets
Target: a03afce8a00ddd4b5d8c9d05403363c9
- Size: 429KB
- MD5: a03afce8a00ddd4b5d8c9d05403363c9
- SHA1: d34612340ce214e0633a58c3e5c54727e98e94f2
- SHA256: 57e1bc5c9e6dba152c14cb933ba2a05c25703ac35b902cc260de61e8e1d70909
- SHA512: 1fecd50d5c4f32a6d3329c552ddb267f23ca7072c9a14d4c0746cf258720bbd8d82c25df0f6ff90b56d6a9d77a35364a711702980de11411f8f9626e7dbca582
- SSDEEP: 6144:YmEI6sSIRRepQN1EzwmlBR9r99yj51txISHQxx3U+s36xSYTbx/9lxH:YmE/sSILeQ/Kj9KWSwx3jo6wYzPH
Signatures
- Modifies firewall policy service
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes. AutoRun from autorun.inf on non-optical removable media is disabled on Windows 7 and later (and on earlier versions with update KB971029), so this spreading path chiefly reaches legacy or unpatched hosts.
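The last two signatures describe the drive enumeration and autorun.inf drop that give Sality its removable-media spread. As an added example (not the report's or the sandbox's code), the following Python checks attached volumes from the defender's side: it parses autorun.inf with the tolerance a worm-dropped file needs and flags the keys that would launch a program. The drive mapping and the autorun.inf bodies are constructed for illustration; a real scanner would build the mapping from the host's drive roots (GetLogicalDriveStrings on Windows) instead of the in-memory dict used here.

```python
"""Find autorun.inf files on attached volumes that would launch a program.

Added example, not from the sandbox report.  Drive enumeration is replaced
by an in-memory mapping of drive root -> autorun.inf text so the code runs
offline; on a real host you would build that mapping from
GetLogicalDriveStrings and reading <root>\\autorun.inf.  The autorun.inf
bodies are constructed for illustration.
"""
import configparser
import re

# [autorun] keys that make Windows (or a user's double-click) run something.
EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command")
# Extensions that indicate a program rather than an icon or label.
LAUNCH_PATTERN = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)\b", re.IGNORECASE)
SECTION_PATTERN = re.compile(r"\[autorun\]", re.IGNORECASE)


def parse_autorun(text):
    """Return {lower-cased key: value} from the [autorun] section, or {} if absent.

    autorun.inf is INI-like, but worm-dropped files often carry junk before the
    section header, mixed-case names or lines without a delimiter, so we cut to
    the header, allow value-less lines and tolerate duplicates instead of raising.
    """
    m = SECTION_PATTERN.search(text)
    if not m:
        return {}
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True)
    try:
        cp.read_string(text[m.start():])
    except configparser.Error:
        return {}
    for section in cp.sections():
        if section.lower() == "autorun":
            return {k: (v or "") for k, v in cp.items(section)}
    return {}


def suspicious_entries(entries):
    """(key, value) pairs whose value points at an executable-type file,
    in EXEC_KEYS order."""
    return [(k, entries[k]) for k in EXEC_KEYS
            if entries.get(k) and LAUNCH_PATTERN.search(entries[k])]


def scan_volumes(volumes):
    """Check every non-C: volume root for an autorun.inf that launches a binary.

    volumes: {drive root: autorun.inf text, or None if the file is absent}.
    Returns {drive root: [(key, value), ...]} for the volumes that are flagged.
    """
    flagged = {}
    for root, text in volumes.items():
        if root.upper().startswith("C:") or text is None:
            continue
        hits = suspicious_entries(parse_autorun(text))
        if hits:
            flagged[root] = hits
    return flagged


# Constructed volumes: a vendor disc with icon/label only (benign), a
# worm-style file that hides the launch under RECYCLER, and a sloppy
# variant with junk before the header and mixed-case names.
SAMPLE_VOLUMES = {
    "C:\\": None,
    "D:\\": "[autorun]\nicon=setup.ico\nlabel=Vendor Tools\n",
    "E:\\": (
        "[autorun]\n"
        "open=RECYCLER\\S-1-5-21-0000\\update.exe\n"
        "shell\\open=Open\n"
        "shell\\open\\command=RECYCLER\\S-1-5-21-0000\\update.exe\n"
        "shellexecute=RECYCLER\\S-1-5-21-0000\\update.exe\n"
        "icon=%SystemRoot%\\system32\\shell32.dll,4\n"
        "useautoplay=1\n"
    ),
    "F:\\": "some junk line\n[AutoRun]\nOPEN = update.exe\n",
}

if __name__ == "__main__":
    for root, hits in scan_volumes(SAMPLE_VOLUMES).items():
        for key, value in hits:
            print(f"{root} autorun.inf {key} -> {value}")
```

The check skips C: on purpose, mirroring the sample's own "other than the default C: drive" behaviour: the worm writes to the volumes it wants to travel on, and those are the ones worth inspecting when a host matching this report turns up. An icon- or label-only autorun.inf (the D: case) is normal for vendor media and is not flagged.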
The remaining targets are the NSIS installer's own plugin DLLs and a bundled redistributable, extracted from the installer into $PLUGINSDIR; each scored 3/10 or 4/10 on its own, so the 10/10 verdict belongs to the top-level executable.

Target: $PLUGINSDIR/KillProcDLL.dll
- Size: 4KB
- MD5: 1be3fc5971da6f9b86843d0763912fb6
- SHA1: e921bfa5b330102630420007a63fde0c439f0cdc
- SHA256: 89ed50600e7046184f80b2a20b5299f35a0439fab1ad1f9f5fc55606955b6186
- SHA512: 99e5a4e888c6cbd2b67464162516aec5a564447fec389012acd8873aa6312020bfe5f0d68e83f54a7320355c5f828f7769f666d5cfd12f2ceed02a6d5b66dc4d
- Score: 3/10

Target: $PLUGINSDIR/LangDLL.dll
- Size: 5KB
- MD5: 410a586735f45164c86bda363ad8446f
- SHA1: a68d18a8c72ffaa8f8d9ed9f76ea9b0ed397821b
- SHA256: b15b1fc88d1b56088b2d3738d76772a91fa186a316a3e0a154358820d0fb9005
- SHA512: d12083f67df132b2be57c202601a0cf82dba4c234910e780d2723aac14ae68407b824405b04737b55104bc97750550a3271a944d647661b067ce134075e6cc2a
- SSDEEP: 48:aYZT4WeApYxYlxamAWHN+EuWkGWBBWAGr9SdLB8m+ofYZVSA:JCWGSxamjHNDuWRWBBWvmuV
- Score: 3/10

Target: $PLUGINSDIR/RrimoRedist/pxsetup.exe
- Size: 70KB
- MD5: 4ee24c7fd67b098431c951db7686bd19
- SHA1: 5b14bed150ea0bf619b938ce94b9f32b02a6aadc
- SHA256: 0f445c4b76bc309a940d5f4ba615bef1dcefbc0d160f3a8d06e0038160d9b4af
- SHA512: 7853bcd7482b85ab362935060506a1b44779946e9428838a1c95cc54fcbf94058ed9c2101b5c4e3114ed125b88692ed694b394ff94ecc8d88c39b57bb21f08f8
- SSDEEP: 768:hAU7HRAGh50RWvgd01Q1xBovT0/TYJ1BJ5dylihjtJaQ6GUfcY00YeCGL+Hbmpmx:hA11u+BovTcYJt57jtJjqcYLLCG0mIx
- Score: 4/10

Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: 959ea64598b9a3e494c00e8fa793be7e
- SHA1: 40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256: 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512: 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP: 192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
- Score: 3/10

Target: $PLUGINSDIR/nsDialogs.dll
- Size: 9KB
- MD5: f7b92b78f1a00a872c8a38f40afa7d65
- SHA1: 872522498f69ad49270190c74cf3af28862057f2
- SHA256: 2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e
- SHA512: 3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79
- SSDEEP: 192:y1zQhZDqlJcKISw99ioU3MSfwLF/+nhHUisdz:ozoZDGKYw9goWyFGBU7z
- Score: 3/10

Target: $PLUGINSDIR/nsis_chklist.dll
- Size: 21KB
- MD5: 2b18cb4be9405caa2831340668a21d1f
- SHA1: 55f0d3e2e2913e54ddd76252f06feb370040cab3
- SHA256: b6b46b0d52d44ed6ea72429c43394d8fd23d41b01d237428c070fb344d16515a
- SHA512: c48cd7090e93cb90dfed8442a0d068a077f815641968a2615f767c9cbf020c3aaad2387cda1aba6768b2f5b346c779e29e40a6da6066ad2c28f29bb43505ea9d
- SSDEEP: 384:4OHLSN94SOiUJ+4lpGwMTFVUWLuXiyKnC6qTNqRS4XIaFfCzREsyExgsfrEu:4ySN943iljFO5XjIFRS4Vf9s9NzEu
- Score: 3/10

Target: $PLUGINSDIR/nsis_winamp.dll
- Size: 4KB
- MD5: 1e1ded1cf1c69852f2074693459fb3b5
- SHA1: 81b165cae4d38a98760131989fdd8aed2c918679
- SHA256: 5946278545abbd0b0f5188752fe095e200c85abe0783632a00726d090c0753ec
- SHA512: a6f9a43d4432658c3504629e9209ad350af69eff542d139e0ccfe0dbf8662f15034edd3cf8b56d606a740b66c8221cafad999088a4e64a4c9c9fb47793a19f96
- SSDEEP: 48:SEdAWvTa5HlE1m198EqtjbglT68HY06mzWB+wUKCmMpzm7n4/ZS9:LA2a5Fcm198EqtjMlv47mzWBVgaj4/w
- Score: 3/10
MITRE ATT&CK Enterprise v15 (technique: number of matching signatures)
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 3
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5