General

Target: efe5bcf6972da315764576095dded48dec0ed56c9474983e402a144eecdcf714
Size: 4.9MB
Sample: 240221-jebtcadd63
MD5: 8ca033b4f6ad41791a7aacb45396f048
SHA1: 0d8a8fa29274074f9d69e76fe5cc736ec7b0cdba
SHA256: efe5bcf6972da315764576095dded48dec0ed56c9474983e402a144eecdcf714
SHA512: c852b741754ae029bd780adeb71b94b6c692aefb49baaee358600cb02e8941ea6c55290e530e855a691a2dba3164f5b2235038d661d5fd982262aaaa9c72b113
SSDEEP: 24576:uVyYn7ZLqvCS8hANkawqRYDIB2UdGS76i32jFii:aYBpYeGSX325B
Static task: static1
Behavioral task: behavioral1
Sample: efe5bcf6972da315764576095dded48dec0ed56c9474983e402a144eecdcf714.exe
Resource: win7-20231129-en
Malware Config

Extracted
Family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets

Target: efe5bcf6972da315764576095dded48dec0ed56c9474983e402a144eecdcf714
Size: 4.9MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Signatures
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system. On an MBR-partitioned disk the first 512-byte sector holds both the bootstrap code and the partition table, so a host that triggered this signature should have that sector compared against a known-good copy and rewritten from one, rather than trusted after the infected files are cleaned.
MITRE ATT&CK Enterprise v15 (counts are the number of matching signatures; technique IDs added for reference)

Persistence
- Create or Modify System Process (1): Windows Service (1) [T1543.003]
- Pre-OS Boot (1): Bootkit (1) [T1542.003]

Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1) [T1548.002]
- Create or Modify System Process (1): Windows Service (1) [T1543.003]

Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1) [T1548.002]
- Impair Defenses (3): Disable or Modify Tools (3) [T1562.001]
- Modify Registry (6) [T1112]
- Pre-OS Boot (1): Bootkit (1) [T1542.003]