General
-
Target
ab867943697e1c416ef0ac79f4a39a10
-
Size
832KB
-
Sample
240228-k4l62sfh6t
-
MD5
ab867943697e1c416ef0ac79f4a39a10
-
SHA1
7068d9b8fe2cafb549d87690f897fd6fa02fe9c6
-
SHA256
848f35a88d997305b003d262f278fd710c3496faebadf2e28843b9d2ffe55052
-
SHA512
9fc575af6dccb34a6a12b54212ed4f466e3dbb8dc039284401908b4a579d9c5d319436c47956493614d0dd1247ab959acdadc6f371ff89bda57e7837138875f0
-
SSDEEP
24576:gUFa7K4Jy/fVtktVGPrfO/WxvaXUTcLHFpSYiVtktVGPrfO/WDW:ZqMlSyfO/WxyXukHFISyfO/Wi
Static task
static1
Behavioral task
behavioral1
Sample
ab867943697e1c416ef0ac79f4a39a10.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
ab867943697e1c416ef0ac79f4a39a10
-
Size
832KB
-
MD5
ab867943697e1c416ef0ac79f4a39a10
-
SHA1
7068d9b8fe2cafb549d87690f897fd6fa02fe9c6
-
SHA256
848f35a88d997305b003d262f278fd710c3496faebadf2e28843b9d2ffe55052
-
SHA512
9fc575af6dccb34a6a12b54212ed4f466e3dbb8dc039284401908b4a579d9c5d319436c47956493614d0dd1247ab959acdadc6f371ff89bda57e7837138875f0
-
SSDEEP
24576:gUFa7K4Jy/fVtktVGPrfO/WxvaXUTcLHFpSYiVtktVGPrfO/WDW:ZqMlSyfO/WxyXukHFISyfO/Wi
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1