General
-
Target
9b6e294fadfac37abccde79a2dc6cbdbc57b893525fd9fafaefa26338737ce55
-
Size
2.7MB
-
Sample
240220-sfnzqsag59
-
MD5
e02f04f199248382c385d93e1ed0badb
-
SHA1
26551bc90c04891319c86d9684f2a5843ef66e41
-
SHA256
9b6e294fadfac37abccde79a2dc6cbdbc57b893525fd9fafaefa26338737ce55
-
SHA512
6b90f714cc2bf25d51344a4cb29066a40b033ac425865384af55b37fba6bdd446d0d400ac305f91108b9084f1c3303831a6f95be99fe9c1601422a3979ada2d9
-
SSDEEP
49152:6t8MGGGN/DJAyC4yHJvu/wRwAjGeRj54r8:s8MGGGZlAyCPVuMG
Behavioral task
behavioral1
Sample
9b6e294fadfac37abccde79a2dc6cbdbc57b893525fd9fafaefa26338737ce55.exe
Resource
win7-20231129-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Create or Modify System Process: 1
- Windows Service: 1
Defense Evasion
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Impair Defenses: 3
- Disable or Modify Tools: 3
- Modify Registry: 5