General
-
Target
3b5a0b425528f38b12795161266ab607c68876c05ba5e36bc05745822667915d
-
Size
992KB
-
Sample
240424-alkkdsda68
-
MD5
93976eebffe5a81f6a80a9685c0cbcb1
-
SHA1
22a27813be1ca0c597511450c6be0a359b0b5b7d
-
SHA256
3b5a0b425528f38b12795161266ab607c68876c05ba5e36bc05745822667915d
-
SHA512
08261ae6ce6ac1925d8424c76866912f0ad2d672339a78c4dac3adb8403478b9b9071a4884fce339966df279a8d11a256b68022441742cc8baed0126aaa504fe
-
SSDEEP
12288:GoGqUMvBCH5lOAQoVGAbTjQZfRGKMyHjZuE201rG3huigNwpsO:G1MvBy7OjoVLbQZpGKzDZuErhG3xgNGf
Static task
static1
Behavioral task
behavioral1
Sample
3b5a0b425528f38b12795161266ab607c68876c05ba5e36bc05745822667915d.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 3
Disable or Modify Tools: 3