General
- Target: a1728bbc42861f5b20daf1d17a28cb7264e7956466156af1f73e5f5d59b17ffb
- Size: 2.7MB
- Sample: 240218-s2bljabg2y
- MD5: 01b4a4a550230166c42936385c90a281
- SHA1: 64e4619c72a08897448ee2647aaec8d390500598
- SHA256: a1728bbc42861f5b20daf1d17a28cb7264e7956466156af1f73e5f5d59b17ffb
- SHA512: f303dbd5c28e365f96a3a7f4b9f2d5d65404b6bddd23b9afe3c0c7ccb607610d333086c43d9249181cf4eb528a4c2664a8b157c2f3583a580abc29c321901c8e
- SSDEEP: 49152:yt8MGGGN/DJAyC4yHJvu/wRwAjGeRj5Z:E8MGGGZlAyCPVuMD
Behavioral task: behavioral1
- Sample: a1728bbc42861f5b20daf1d17a28cb7264e7956466156af1f73e5f5d59b17ffb.exe
- Resource: win7-20231215-en
Malware Config
- Extracted: sality
  - http://89.119.67.154/testo5/
  - http://kukutrustnet777.info/home.gif
  - http://kukutrustnet888.info/home.gif
  - http://kukutrustnet987.info/home.gif
Targets
- Target: a1728bbc42861f5b20daf1d17a28cb7264e7956466156af1f73e5f5d59b17ffb
- Size: 2.7MB
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- MITRE ATT&CK Enterprise v15
  - Privilege Escalation
    - Abuse Elevation Control Mechanism (1)
      - Bypass User Account Control (1)
    - Create or Modify System Process (1)
      - Windows Service (1)
  - Defense Evasion
    - Abuse Elevation Control Mechanism (1)
      - Bypass User Account Control (1)
    - Impair Defenses (3)
      - Disable or Modify Tools (3)
    - Modify Registry (5)