General

Target: 21b2a584819e2f2da414073499f3ac174f94da76cc423b8eee38e6349da6ce99
Size: 4.0MB
Sample: 240220-bz9bcahd58
MD5: 5f8c29597976c8bf2ceac4a62187b39c
SHA1: 4daa4cb538adbcc531ac42800e148c48c5bfca45
SHA256: 21b2a584819e2f2da414073499f3ac174f94da76cc423b8eee38e6349da6ce99
SHA512: 09846765ff26452fcdcd8323f05ef1f2a55fdb9c9d9e33a1b806f75e71c7784f2b00774b81bbe822b8e99b6087f1b9f6422c7233ce1ace9e1de4707c3316f524
SSDEEP: 24576:RXvyb/1zhcrszNQqLtWiSlTI7u0PmSN3:5vyJiUQgwTI7
Static task: static1
Behavioral task: behavioral1
Sample: 21b2a584819e2f2da414073499f3ac174f94da76cc423b8eee38e6349da6ce99.exe
Resource: win7-20231215-en
Malware Config

Extracted family: sality
Extracted configuration URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
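The four URLs above are the actionable network indicators from this report. The script below is an added example (not part of the sandbox report or the Sality family itself) that matches them against outbound web-proxy logs. The log layout (Squid native access.log) and the sample lines are constructed assumptions; the report contains no network capture. URLs are normalised (lowercased host, default port dropped) before comparison so that a request written as `HTTP://HOST:80/path` still matches, and a request to one of the indicator hosts with a different path is reported as a weaker host-only hit rather than being silently dropped.

```python
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit

# URLs taken from the extracted Sality configuration in the report above.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed proxy log lines in Squid native access.log layout (an assumption
# about the log source; the report contains no network captures). Line 4 uses
# odd casing and an explicit :80 to show why URLs must be normalised first.
SAMPLE_LOG = """\
1708400001.123    312 10.0.0.5 TCP_MISS/200 1843 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.10 image/gif
1708400002.456     88 10.0.0.5 TCP_MISS/404 412 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1708400003.789    120 10.0.0.7 TCP_MISS/200 5120 GET http://example.com/home.gif - HIER_DIRECT/93.184.216.34 image/gif
1708400004.012     95 10.0.0.5 TCP_MISS/200 1843 GET HTTP://KUKUTRUSTNET888.INFO:80/home.gif - HIER_DIRECT/203.0.113.11 image/gif
1708400005.345     60 10.0.0.9 TCP_MISS/200 700 GET http://kukutrustnet987.info/other.gif - HIER_DIRECT/203.0.113.12 image/gif
"""


def normalize(url: str) -> tuple[str, str]:
    """Reduce a URL to (host, path): host lowercased, default port dropped, query ignored."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.port not in (None, 80, 443):
        host = f"{host}:{parts.port}"
    return host, (parts.path or "/")


IOC_EXACT = {normalize(u) for u in SALITY_URLS}   # full host+path indicators
IOC_HOSTS = {host for host, _ in IOC_EXACT}        # weaker, host-only indicators


@dataclass
class Hit:
    client: str
    url: str
    level: str       # "exact" = host and path matched, "host" = host only
    indicator: str   # the indicator that fired


def scan_log(lines) -> list[Hit]:
    """Match each request URL against the extracted URLs; host-only matches are kept but marked weaker."""
    hits: list[Hit] = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue                      # not a Squid native-format line
        client, url = fields[2], fields[6]
        host, path = normalize(url)
        if (host, path) in IOC_EXACT:
            hits.append(Hit(client, url, "exact", f"http://{host}{path}"))
        elif host in IOC_HOSTS:
            hits.append(Hit(client, url, "host", host))
    return hits


def infected_clients(hits: list[Hit]) -> list[str]:
    """Clients with at least one exact match: the ones to isolate and image first."""
    return sorted({h.client for h in hits if h.level == "exact"})


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for h in found:
        print(f"{h.level:5} {h.client:10} {h.url}  <- {h.indicator}")
    print("clients to isolate:", infected_clients(found))
```

Against the constructed log, lines 1, 2 and 4 produce exact hits (all from 10.0.0.5), line 5 a host-only hit for kukutrustnet987.info, and the example.com request on line 3 nothing, since a path of `/home.gif` on its own is not an indicator. Host-only hits are worth keeping: the three `kukutrustnet*.info` names are dedicated infrastructure in this sample's configuration, so any request to them deserves a look even if the path differs from what the sandbox observed.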
Targets

Target: 21b2a584819e2f2da414073499f3ac174f94da76cc423b8eee38e6349da6ce99
Signatures

Modifies firewall policy service
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
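The drive enumeration and autorun.inf drop together describe the classic removable-media spreading pattern. When triaging USB sticks or network shares that were attached to an infected host, the question is what the dropped autorun.inf would have launched and whether that file is still present. The inspector below is an added example written for this page, not code from the report or from the malware; the report does not reproduce the contents of the dropped file, so the sample autorun.inf it builds (including the file name `ocbmbv.exe` and the "Open folder to view files" masquerade) is constructed. The parser is deliberately lenient because autorun.inf files written by malware routinely contain junk lines, mixed-case keys and duplicates that a strict INI parser rejects.

```python
from __future__ import annotations

import os
import tempfile
from dataclasses import dataclass

# Extensions Windows will execute from an autorun target (assumed list for this example).
EXEC_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js", ".wsf"}


@dataclass
class AutorunFinding:
    key: str          # "open", "shellexecute" or "shell\\<verb>\\command"
    target: str       # program path exactly as written in autorun.inf
    exists: bool      # target resolves to a file on the volume
    executable: bool  # target carries an executable extension


def parse_autorun(text: str) -> dict[str, str]:
    """Parse the [autorun] section into a lowercase key -> value map.

    Lenient on purpose: blank/junk lines are skipped, section and key names are
    case-insensitive, and on duplicate keys the last value wins (as Windows does).
    """
    entries: dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def _first_token(value: str) -> str:
    """Return the program part of a command line, honouring a quoted path."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def inspect_volume(root: str) -> list[AutorunFinding]:
    """Find autorun.inf at a volume root (case-insensitive) and report what it would launch."""
    inf = next((os.path.join(root, n) for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    with open(inf, "rb") as fh:
        entries = parse_autorun(fh.read().decode("latin-1"))  # tolerate arbitrary bytes
    findings: list[AutorunFinding] = []
    for key, value in entries.items():
        launches = key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command"))
        if not launches:
            continue
        target = _first_token(value)
        local = os.path.join(root, *target.replace("\\", "/").split("/"))
        findings.append(AutorunFinding(
            key=key,
            target=target,
            exists=os.path.isfile(local),
            executable=os.path.splitext(target)[1].lower() in EXEC_EXTENSIONS,
        ))
    return findings


def demo_volume() -> str:
    """Build a constructed throwaway 'volume' carrying an autorun.inf of the kind worms drop.

    The file name, the mixed-case keys and the folder-icon masquerade are constructed
    for this example; the report does not reproduce the real dropped file.
    """
    root = tempfile.mkdtemp(prefix="vol_")
    with open(os.path.join(root, "ocbmbv.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\0" * 62)  # placeholder bytes, not real code
    with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
        fh.write(b"[AutoRun]\r\n"
                 b"open=ocbmbv.exe\r\n"
                 b"shell\\open\\Command=ocbmbv.exe\r\n"
                 b"shell\\explore\\command=ocbmbv.exe\r\n"
                 b"icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n"
                 b"action=Open folder to view files\r\n")
    return root


if __name__ == "__main__":
    for f in inspect_volume(demo_volume()):
        print(f"{f.key:22} -> {f.target:14} exists={f.exists} executable={f.executable}")
```

On a live Windows host the same `inspect_volume` call would be run once per drive root (the letters reported by the OS, which is exactly what the "Enumerates connected drives" signature describes the malware doing), and a finding with `exists=True` and `executable=True` is the file to hash and compare against the sample hashes at the top of this report.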
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Privilege Escalation
  Abuse Elevation Control Mechanism, T1548 (1)
    Bypass User Account Control, T1548.002 (1)
  Create or Modify System Process, T1543 (1)
    Windows Service, T1543.003 (1)
Defense Evasion
  Abuse Elevation Control Mechanism, T1548 (1)
    Bypass User Account Control, T1548.002 (1)
  Impair Defenses, T1562 (3)
    Disable or Modify Tools, T1562.001 (3)
  Modify Registry, T1112 (5)