General
-
Target
98c5054bd28b428953089d0024c1cc0b67576290f739d32064ced3efd2f925b7
-
Size
2.4MB
-
Sample
240301-x9rd6scb6x
-
MD5
1265208535a17b0fd034101e446221a4
-
SHA1
3d70ba59f4af6a56e0726e0683649c476634f2f3
-
SHA256
98c5054bd28b428953089d0024c1cc0b67576290f739d32064ced3efd2f925b7
-
SHA512
9f4eaad31960dc16ad96fce184f6dc2e567ee944259b71a835f63e28701428f364248926d7c1188373f085aed42ad3b4d565abbcb81b8f72837d18edc64dedc9
-
SSDEEP
49152:s7PTF2VY3cJgk4lRsocD8mbaTI+LSsrDilurcPPiUJ7NrPTlcPUv20jvP5s8:s752G3n3socD8m+LjXilurcPPig7NrxF
Behavioral task
behavioral1
Sample
98c5054bd28b428953089d0024c1cc0b67576290f739d32064ced3efd2f925b7.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
98c5054bd28b428953089d0024c1cc0b67576290f739d32064ced3efd2f925b7
-
Size
2.4MB
-
MD5
1265208535a17b0fd034101e446221a4
-
SHA1
3d70ba59f4af6a56e0726e0683649c476634f2f3
-
SHA256
98c5054bd28b428953089d0024c1cc0b67576290f739d32064ced3efd2f925b7
-
SHA512
9f4eaad31960dc16ad96fce184f6dc2e567ee944259b71a835f63e28701428f364248926d7c1188373f085aed42ad3b4d565abbcb81b8f72837d18edc64dedc9
-
SSDEEP
49152:s7PTF2VY3cJgk4lRsocD8mbaTI+LSsrDilurcPPiUJ7NrPTlcPUv20jvP5s8:s752G3n3socD8m+LjXilurcPPig7NrxF
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5