General
-
Target
c7c17aefce39587b48ecdd6e51f0a94845c5d905ac6965c5bab9a86b06e6a01d
-
Size
2.0MB
-
Sample
240219-1d79ladf4s
-
MD5
e5da08464a6fc3d0cd457258718e3193
-
SHA1
8e10dcebff5585dee990598996004dab54bb97c7
-
SHA256
c7c17aefce39587b48ecdd6e51f0a94845c5d905ac6965c5bab9a86b06e6a01d
-
SHA512
697ee1fd74dc6ee616698892f01f54998e0c8069c2f3cae9a50ba91d88bf3b334ba9b5a14bc34e99bc901dc384af2a83524949cf1866c1a753f4ac780c838802
-
SSDEEP
24576:LRE+cBFVW3dAfXvWjpXTrd1zHh6m0sn9VZ:LgzeAfcLHh6m0sn9D
Static task
static1
Behavioral task
behavioral1
Sample
c7c17aefce39587b48ecdd6e51f0a94845c5d905ac6965c5bab9a86b06e6a01d.exe
Resource
win7-20231215-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism 1
Bypass User Account Control 1
Create or Modify System Process 1
Windows Service 1
Defense Evasion
Abuse Elevation Control Mechanism 1
Bypass User Account Control 1
Impair Defenses 3
Disable or Modify Tools 3
Modify Registry 5