General
-
Target
9dff5488ebde401913d3fadf77a904719a97e8538990e9653a1f1a012d4ab9a5
-
Size
1.4MB
-
Sample
240422-y26pkafg5s
-
MD5
325498b217d0b0ec66422357f0481dfa
-
SHA1
c85f1a5a0fec0d752525edc810ae2e96b6a5375c
-
SHA256
9dff5488ebde401913d3fadf77a904719a97e8538990e9653a1f1a012d4ab9a5
-
SHA512
41a00b502303d06fad9f86a94c74f8cd84984a6f91e1c100df96866c21d5ad071d1067623b8332a34dd57cb8c8802377b14cbe6013c189bb13f41394f8156e91
-
SSDEEP
24576:dO2uYj3kfi6KUjjcbnB7lY1SUkhYigJI1f+avnDKfydfqf0U3J:+s6FcbnDb4JI1f+sDKfydif0S
Static task
static1
Behavioral task
behavioral1
Sample
9dff5488ebde401913d3fadf77a904719a97e8538990e9653a1f1a012d4ab9a5.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
9dff5488ebde401913d3fadf77a904719a97e8538990e9653a1f1a012d4ab9a5
-
Size
1.4MB
-
MD5
325498b217d0b0ec66422357f0481dfa
-
SHA1
c85f1a5a0fec0d752525edc810ae2e96b6a5375c
-
SHA256
9dff5488ebde401913d3fadf77a904719a97e8538990e9653a1f1a012d4ab9a5
-
SHA512
41a00b502303d06fad9f86a94c74f8cd84984a6f91e1c100df96866c21d5ad071d1067623b8332a34dd57cb8c8802377b14cbe6013c189bb13f41394f8156e91
-
SSDEEP
24576:dO2uYj3kfi6KUjjcbnB7lY1SUkhYigJI1f+avnDKfydfqf0U3J:+s6FcbnDb4JI1f+sDKfydif0S
-
Modifies firewall policy service
-
Blocklisted process makes network request
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify Tools
3Modify Registry
7Pre-OS Boot
1Bootkit
1