General
-
Target
7c1454bb85428230d10e8afc863e2207e53cf6aa9c47735dcf18b73d49244a7b
-
Size
2.0MB
-
Sample
240423-crs5tsbe79
-
MD5
f41ad1e9b99154dc5cc1b562c2166ca2
-
SHA1
3de885cc21dfa13fea14cb9d73bab6b09fb2b889
-
SHA256
7c1454bb85428230d10e8afc863e2207e53cf6aa9c47735dcf18b73d49244a7b
-
SHA512
49d5ac77e9186b72067c28d6974d0aa1b82b20dc78913296876e04e0e8ced17336600b8b3bd8192053d940202af9feb732b4a38e3006ccafa6fb4856d7147960
-
SSDEEP
49152:47sM3dbEnmZgJH6iADNsNn/3JQErFu/fEHHhF/poL9WpTo5pp9P:hOdbEnMgJaB5mn/3JQf/snXpi9WpToZt
Static task
static1
Behavioral task
behavioral1
Sample
7c1454bb85428230d10e8afc863e2207e53cf6aa9c47735dcf18b73d49244a7b.exe
Resource
win7-20240215-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
7c1454bb85428230d10e8afc863e2207e53cf6aa9c47735dcf18b73d49244a7b
-
Modifies firewall policy service
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Defense Evasion
Modify Registry (5)
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (3)
Disable or Modify Tools (3)