General
- Target: b085f8c891c5f3c3292b318cbe63c6d01a07909964a3a7f9046def847bd94537
- Size: 1.8MB
- Sample: 240218-t3aw3acf94
- MD5: 39e8ce603f4c93561230fa57539f0d3a
- SHA1: 16142ac8367adb5c4c76d9ad903744b8bb7e8c7e
- SHA256: b085f8c891c5f3c3292b318cbe63c6d01a07909964a3a7f9046def847bd94537
- SHA512: 6653c164577c9166302650fc98309a1d6e69fe6f396e308c33951d525a800a9999c3ccd09a0d279d97e48580dc90293112a5b17797669e9c8b6eedf0d314b1a7
- SSDEEP: 24576:pLggggMuLMZV9cJlznJe3CpQTkZc1ntJv:pggggMEUcXJ8IQgZmt9
Static task: static1
Behavioral task: behavioral1
- Sample: b085f8c891c5f3c3292b318cbe63c6d01a07909964a3a7f9046def847bd94537.exe
- Resource: win7-20231215-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: b085f8c891c5f3c3292b318cbe63c6d01a07909964a3a7f9046def847bd94537
Signatures
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (5)