General
Target: a96f56eceb3e2b5b8dfe6e065a4b23c8
Size: 334KB
Sample: 240227-r78b1scb5v
MD5: a96f56eceb3e2b5b8dfe6e065a4b23c8
SHA1: 9ae2fd1e6b5633cd60df8ff1d4f6b48d9f668490
SHA256: 621604f37ddfbe8c196a2e7e3f1a7a40e2eba5ea8f8cd9cffad282ad48d83a44
SHA512: 38567f59848faad1f0f3badadfaa6a47538f47d09b4037a02d479ebf6bd1aadb271464c55380f277dc86c46610d2672667c5eb8d3e07a5c6792afaab846c29d7
SSDEEP: 6144:JbsvyxLVasjHY1B5Movh5hyO0R7ar34c+Z6/fJcHrKaTfEGC5iiYy:8IjHWaahvwRur3QmJ2rKiE15TYy
Static task: static1
Behavioral task: behavioral1
Sample: a96f56eceb3e2b5b8dfe6e065a4b23c8.exe
Resource: win7-20240220-en
Malware Config
Extracted
sality
Targets
Target
a96f56eceb3e2b5b8dfe6e065a4b23c8
Modifies firewall policy service
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)