General
- Target: aa58bd18f3c287144b0ff32170b35e59
- Size: 100KB
- Sample: 240227-2ny94sde4s
- MD5: aa58bd18f3c287144b0ff32170b35e59
- SHA1: 29a16d85356ca10fdbc1592ce8d1ef890472f9fe
- SHA256: 88fb4556a1628d8e3e01889f2b8f43903f565688725cf6f47d26f22681b04b52
- SHA512: 2b5df6465046e2949953596b413de2e88bb4b5b2750bbf4cf90b20a98cc4657d7c66ed252da2cd33562e7c2ae81d519fd465390eb681507aae401aa9825bcb5d
- SSDEEP: 1536:W+oculfkgeE8n+eQRSvd0JeIpTQzQ3BVGvielcR02v9H9FSF70z:WCulkgA+PSl0Jve0RV3elOV9Hz8U
Static task: static1
Behavioral task: behavioral1
- Sample: aa58bd18f3c287144b0ff32170b35e59.exe
- Resource: win7-20240221-en
Malware Config
- Extracted family: sality
Targets
- Target: aa58bd18f3c287144b0ff32170b35e59
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Create or Modify System Process (1)
- Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Impair Defenses (3)
- Disable or Modify Tools (3)
- Modify Registry (5)