General
- Target: 806e17c79eb172fb5e9e60949e79602adc4d16a4f17d6726db16706c99ff7d6a
- Size: 3.7MB
- Sample: 240328-scr7zsab22
- MD5: b3071a13b8888a0ce03176bae1835964
- SHA1: 0cef940ad504fa49a23100a064171ff97923750f
- SHA256: 806e17c79eb172fb5e9e60949e79602adc4d16a4f17d6726db16706c99ff7d6a
- SHA512: e4d658129659c5cfa890621c618e539dd6ec46a6a4b9f8b61a092c90121ba6912d98e66a1931d82a0d34666a1f30eccaf1f90a216c134b1a945a3a9959e379cb
- SSDEEP: 6144:oVfhguj+VfhgujHXIZ3aWdn7ze+km1SXcmZXq1EzdUfUmkdJbA:SJgukJguMZ3aWUnm1/cmiU
Static task: static1
Behavioral task: behavioral1
Sample: 806e17c79eb172fb5e9e60949e79602adc4d16a4f17d6726db16706c99ff7d6a.exe
Resource: win7-20240221-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: 806e17c79eb172fb5e9e60949e79602adc4d16a4f17d6726db16706c99ff7d6a
- Size: 3.7MB
- MD5: b3071a13b8888a0ce03176bae1835964
- SHA1: 0cef940ad504fa49a23100a064171ff97923750f
- SHA256: 806e17c79eb172fb5e9e60949e79602adc4d16a4f17d6726db16706c99ff7d6a
- SHA512: e4d658129659c5cfa890621c618e539dd6ec46a6a4b9f8b61a092c90121ba6912d98e66a1931d82a0d34666a1f30eccaf1f90a216c134b1a945a3a9959e379cb
- SSDEEP: 6144:oVfhguj+VfhgujHXIZ3aWdn7ze+km1SXcmZXq1EzdUfUmkdJbA:SJgukJguMZ3aWUnm1/cmiU
- Modifies firewall policy service
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)