General
- Target: 7cd8df72bae75a4844426b0376984fa2d10f6b79cae532e43cacb5dd59f860aa
- Size: 2.7MB
- Sample: 240301-ydbvaacc5w
- MD5: 0a627967e64efce66cda02cd2201d2e9
- SHA1: 28f77ddcdf86d52fc9bcbf57f0c26506934b08c5
- SHA256: 7cd8df72bae75a4844426b0376984fa2d10f6b79cae532e43cacb5dd59f860aa
- SHA512: 919e54790dbbbab49490c3decfe6899019de9feffcefbf3a2610f3f4864b249c22b9ae40d4656f7c435c66d7b7f25089fa10d8715b8c017cb6f73812330180d9
- SSDEEP: 49152:At8MGGGN/DJAyC4yHJvu/wRwAjGeRj56QT:+8MGGGZlAyCPVuMIQT
Behavioral task
- behavioral1
  - Sample: 7cd8df72bae75a4844426b0376984fa2d10f6b79cae532e43cacb5dd59f860aa.exe
  - Resource: win7-20240221-en
Malware Config
- Extracted: sality
  - http://89.119.67.154/testo5/
  - http://kukutrustnet777.info/home.gif
  - http://kukutrustnet888.info/home.gif
  - http://kukutrustnet987.info/home.gif
Targets
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Create or Modify System Process (1)
    - Windows Service (1)
- Defense Evasion
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Impair Defenses (3)
    - Disable or Modify Tools (3)
  - Modify Registry (5)