General
Target: aee86a6fb2b296639cc1e2d550292919
Size: 97KB
Sample: 240229-tfrw3aec37
MD5: aee86a6fb2b296639cc1e2d550292919
SHA1: cd712025fc8b5f48d73aabbbdcc5ec65e85d23c0
SHA256: fa22b7b157fc0497ac80c629293c3080ee073350a0c17a2677107089b0d5f8f9
SHA512: 2d4ac564562b301cf31a7c0a66fe3fb212fe382ad40d40b5f314cd64bdcce3f6f7ab4acf999074648072bba55a40e53cb4023a10dedd8be956b20ed8287b2bd2
SSDEEP: 1536:vsQWr0dn+n/oRodpABHwDXeDaoQJo1GmQL0TtxtJcSlLUr:EQWrSeoRodtDuDF1GmjPc2c
Static task: static1
Behavioral task: behavioral1
Sample: aee86a6fb2b296639cc1e2d550292919.exe
Resource: win7-20240221-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: aee86a6fb2b296639cc1e2d550292919 (97KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15 (technique name followed by the number of matching signatures)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)
- Modify Registry (5)