General

Target: af3daa3f4b80553ca456e94113f86867
Size: 100KB
Sample: 240229-xn7t2aac26
MD5: af3daa3f4b80553ca456e94113f86867
SHA1: 3244fbc76cace48e9ad837ac73a3e0a447b7299d
SHA256: 88ef3d2354522d2fe53b95ff6cbad49a4f401ab42de2aa90a0e5ed605394519c
SHA512: 439053af676d4349e0e30b500c32a790583e92c12ef107defca8afdcdcc76f4147d7013536c1f4056c221b01a9dd4a3ee2c91a6fced5af382fdfce5a7950be31
SSDEEP: 3072:Lyk+ECf1Sv0zP8RuSS5myxHTeFT7LlytmjX1:LJCEvlonQ7Llytmr
Static task: static1
Behavioral task: behavioral1
Sample: af3daa3f4b80553ca456e94113f86867.exe
Resource: win7-20240215-en
Malware Config

Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
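The extracted URLs are the network indicators a responder would hunt for. The following is an added example (not part of the sandbox report) that turns the URL list above into IP and domain indicators and matches them against proxy and DNS log lines; the log excerpt is constructed for the demo, and the Squid/BIND line shapes are assumptions about the log formats in use.

```python
"""Derive network indicators from the Sality config URLs extracted above and
match them against proxy/DNS log lines.  Added example, not part of the
sandbox report; the log lines below are constructed for the demo."""
import ipaddress
import re
from urllib.parse import urlsplit

# URLs copied from the "Malware Config" section of the report.
CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]

# Constructed log excerpt: three Squid-style proxy lines followed by two
# BIND query-log lines.  Line 5 is a deliberate near-miss on a domain.
SAMPLE_LOG = """\
1709200001.123 192.168.1.20 TCP_MISS/200 512 GET http://kukutrustnet777.info/home.gif - DIRECT/203.0.113.5 image/gif
1709200002.456 192.168.1.20 TCP_MISS/404 312 GET http://89.119.67.154/testo5/ - DIRECT/89.119.67.154 text/html
1709200003.789 192.168.1.21 TCP_MISS/200 2048 GET http://www.example.com/index.html - DIRECT/93.184.216.34 text/html
Feb 29 10:15:02 dns01 named[1234]: client 192.168.1.22#51515: query: kukutrustnet987.info IN A
Feb 29 10:15:03 dns01 named[1234]: client 192.168.1.22#51516: query: notkukutrustnet777.info IN A
"""

HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def extract_indicators(urls):
    """Split the config URLs into IP and domain indicators.

    Hostnames are lowercased and a leading 'www.' is dropped so that a DNS
    query for the bare apex still matches the indicator."""
    ips, domains = set(), set()
    for url in urls:
        host = urlsplit(url).hostname.lower()
        try:
            ipaddress.ip_address(host)
            ips.add(host)
        except ValueError:
            domains.add(host[4:] if host.startswith("www.") else host)
    return {"ips": ips, "domains": domains}


def scan_logs(text, ioc):
    """Return [(line_no, [indicators...])] for every line that references an
    indicator.  Domains match only as a whole label or as a parent of a
    subdomain, so 'notkukutrustnet777.info' does not trigger."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        low = line.lower()
        found = set()
        for ip in IP_RE.findall(low):
            if ip in ioc["ips"]:
                found.add(ip)
        for host in HOST_RE.findall(low):
            for dom in ioc["domains"]:
                if host == dom or host.endswith("." + dom):
                    found.add(dom)
        if found:
            hits.append((n, sorted(found)))
    return hits


if __name__ == "__main__":
    for line_no, inds in scan_logs(SAMPLE_LOG, extract_indicators(CONFIG_URLS)):
        print(f"line {line_no}: {', '.join(inds)}")
```

Matching on the host rather than the full URL is deliberate: the paths in the config (`/testo5/`, `/home.gif`) are easy for the operator to rotate, while a DNS query for the domain shows up regardless of the path requested, and a DNS-only log would never contain the path at all.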
Targets

Target: af3daa3f4b80553ca456e94113f86867 (the same file as under General; hashes identical)
Modifies firewall policy service
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
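The two drive-related signatures above describe the classic removable-media spreading pattern: enumerate volume roots, then drop an autorun.inf that launches a copy of the worm. The following is an added example (not code from the sandbox report) of the corresponding responder-side check: it enumerates a set of volume roots, parses any autorun.inf found there with a parser tolerant of the junk such files usually contain, and flags entries that would launch a program. Both autorun.inf bodies and the fake volume roots are constructed for the demo.

```python
"""Triage autorun.inf files at the root of attached volumes.  Added example for
the 'Enumerates connected drives' and 'Drops autorun.inf file' signatures
above; not code from the sandbox report.  Both autorun.inf bodies and the
fake drive roots are constructed for the demo."""
import os
import re
import tempfile

# Keys whose value Windows Autorun launches on insert or double-click.
LAUNCH_KEYS = {"open", "shellexecute"}
EXEC_EXT = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js|lnk)\b", re.I)

# Constructed: the shape of a worm-dropped autorun.inf.
SAMPLE_BAD = r"""[autorun]
open=.\recycler\setup.exe
icon=%SystemRoot%\system32\shell32.dll,4
action=Open folder to view files
shell\open\command=.\recycler\setup.exe
shell\explore\command=.\recycler\setup.exe
"""

# Constructed: a benign autorun.inf that only sets a label and icon.
SAMPLE_GOOD = """[autorun]
label=Product CD
icon=setup.ico
"""


def parse_autorun(text):
    """Tolerant parser returning {key: value} from the [autorun] section.
    Dropped files often contain NUL padding, junk lines and mixed case,
    which configparser rejects, so this skips anything without '='."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip().strip("\x00")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, val = line.split("=", 1)
            entries[key.strip().lower()] = val.strip().strip('"')
    return entries


def autorun_verdict(text):
    """Return (suspicious, reasons).  Flags every key that would launch a
    program plus the 'Open folder to view files' action text that worms use
    to disguise the launch entry as the normal Explorer choice."""
    entries = parse_autorun(text)
    reasons = []
    for key, val in entries.items():
        launches = key in LAUNCH_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if launches and EXEC_EXT.search(val):
            reasons.append(f"{key}={val}")
    if "open folder" in entries.get("action", "").lower():
        reasons.append("action=" + entries["action"])
    return bool(reasons), reasons


def scan_drive_roots(roots):
    """Check each volume root for autorun.inf, mirroring the drive
    enumeration the sample performs, and return {root: (suspicious, reasons)}
    for the roots where one exists."""
    results = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                results[root] = autorun_verdict(fh.read())
    return results


def demo():
    """Build three fake volume roots (E: infected, F: benign, G: empty) in a
    temp dir and scan them; returns results keyed by the short root name."""
    with tempfile.TemporaryDirectory() as tmp:
        roots = []
        for name, body in (("E", SAMPLE_BAD), ("F", SAMPLE_GOOD), ("G", None)):
            root = os.path.join(tmp, name)
            os.makedirs(root)
            if body is not None:
                with open(os.path.join(root, "autorun.inf"), "w") as fh:
                    fh.write(body)
            roots.append(root)
        return {os.path.basename(r): v for r, v in scan_drive_roots(roots).items()}


if __name__ == "__main__":
    for root, (bad, why) in demo().items():
        print(root, "SUSPICIOUS" if bad else "ok", why)
```

This is triage, not a verdict: a legitimate install disc also uses `open=setup.exe`, so a hit means "look at the referenced file", and on a real machine the next step is to hash that file against the SHA256 above and check whether it and the autorun.inf carry hidden/system attributes, which worms set and installers generally do not.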
MITRE ATT&CK Enterprise v15

Tactic                 Technique                                    Sub-technique                             Count
Privilege Escalation   Abuse Elevation Control Mechanism (T1548)    Bypass User Account Control (T1548.002)   1
Privilege Escalation   Create or Modify System Process (T1543)      Windows Service (T1543.003)               1
Defense Evasion        Abuse Elevation Control Mechanism (T1548)    Bypass User Account Control (T1548.002)   1
Defense Evasion        Impair Defenses (T1562)                      Disable or Modify Tools (T1562.001)       3
Defense Evasion        Modify Registry (T1112)                      -                                         5

Count is the number of matching signature events reported for that technique; the same UAC-bypass behaviour is mapped under both tactics.