General
-
Target
9af5c4863d1747d97a83f7c457b775c0628d78b5015c210d4d1d5aa762c3231b
-
Size
734KB
-
Sample
240219-1d4leadf3z
-
MD5
b6810135a71c8f9c8eef35b4e3f33783
-
SHA1
2dc5b02ab4a386556ac998d6e93f868d2a62ee0c
-
SHA256
9af5c4863d1747d97a83f7c457b775c0628d78b5015c210d4d1d5aa762c3231b
-
SHA512
84e53ce568d0888b3706c79a519197fdd6a6293129e3555534fe96020f1f39b7e21a1804952642edc3d3e8461c04348a3b9434682c54a3cfe8e6e52df04f6249
-
SSDEEP
12288:KrrCWYeYynJpT6qdogI3+wAOVCDxs2m8Eu56+iZQDncyCIOZEMs6+2zKbn57y+hN:iGynHtEu0tJ39lKleASGBRhGj6R43U7
Static task
static1
Behavioral task
behavioral1
Sample
9af5c4863d1747d97a83f7c457b775c0628d78b5015c210d4d1d5aa762c3231b.exe
Resource
win7-20231215-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (3)
Disable or Modify Tools (3)
Modify Registry (5)