General
Target: 3953d9fb50481c4c1ac15d7032a6977551764743f84d94d10f5202be164f00f2
Size: 1.9MB
Sample: 240424-apgynsda5x
MD5: 0249e536946ecdee7fc96462981f9051
SHA1: f8d57ca34b945114ab12e9d6ab72f798ed9fe101
SHA256: 3953d9fb50481c4c1ac15d7032a6977551764743f84d94d10f5202be164f00f2
SHA512: 1893ea7fb7e60a507962ed7efb620478f734f230f1b1f8a6a8541f79dec575dff852b74363048661b9a7de3106593d190846e7edd42da9ba31125fc249497f5d
SSDEEP: 49152:BM3dbEnmZgJH6iADNsNn/3JQErFu/fEHHhF/poL9WpTo5pp9P:BOdbEnMgJaB5mn/3JQf/snXpi9WpToZt
Behavioral task: behavioral1
Sample: 3953d9fb50481c4c1ac15d7032a6977551764743f84d94d10f5202be164f00f2.exe
Resource: win7-20240221-en
Malware Config
Extracted family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
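The URL list extracted from the sample's Sality configuration is the network indicator set a responder would hunt for in DNS, proxy and firewall telemetry. The Python below is an added example, not part of the sandbox report and not Sality tooling: it splits the report's URLs into domain and IP indicators and runs them over a few constructed log lines (the log format, timestamps and 10.0.0.x client addresses are made up for the demonstration). A leading "www." is stripped so a bare-domain DNS query still matches.

```python
"""Turn the extracted Sality URL list into host IOCs and match them against logs.
Added example; the log lines below are constructed, not taken from the report."""
import ipaddress
import re
from urllib.parse import urlparse

# URLs exactly as extracted from the sample's configuration in the report above.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def build_iocs(urls):
    """Split URLs into (domains, ips).  Bare domains are added alongside www. forms."""
    domains, ips = set(), set()
    for url in urls:
        host = urlparse(url).hostname
        if host is None:
            continue
        host = host.lower()
        try:
            ips.add(str(ipaddress.ip_address(host)))
        except ValueError:
            domains.add(host)
            if host.startswith("www."):
                domains.add(host[4:])  # DNS logs usually show the query without www.
    return domains, ips


# Constructed sample telemetry (not from the report): DNS, proxy and firewall lines.
SAMPLE_LOGS = [
    "2024-04-24T10:01:02Z dns client=10.0.0.15 query=kukutrustnet777.info type=A",
    "2024-04-24T10:01:03Z proxy src=10.0.0.15 method=GET url=http://kukutrustnet777.info/home.gif status=404",
    "2024-04-24T10:01:05Z proxy src=10.0.0.22 method=GET url=http://example.com/index.html status=200",
    "2024-04-24T10:01:07Z fw src=10.0.0.15 dst=89.119.67.154 dport=80 action=allow",
    "2024-04-24T10:01:09Z dns client=10.0.0.31 query=klkjwre9fqwieluoi.info type=A",
]

# Loose tokenizers: anything that looks like a hostname or a dotted-quad IPv4 address.
HOST_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scan_logs(lines, urls=SALITY_URLS):
    """Return (line_number, matched_ioc) for every line that touches a listed host."""
    domains, ips = build_iocs(urls)
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in IP_RE.findall(line):
            if ip in ips:
                hits.append((n, ip))
        for host in HOST_RE.findall(line.lower()):
            if host in domains:
                hits.append((n, host))
    return hits


if __name__ == "__main__":
    for line_no, ioc in scan_logs(SAMPLE_LOGS):
        print(f"line {line_no}: {ioc}")
```

Lines 1, 2, 4 and 5 of the constructed telemetry are flagged; line 3 (example.com) is not. The tokenizers are deliberately loose so the same function works on any line-oriented log without a per-format parser.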
Targets
Target: 3953d9fb50481c4c1ac15d7032a6977551764743f84d94d10f5202be164f00f2
Size: 1.9MB
MD5: 0249e536946ecdee7fc96462981f9051
SHA1: f8d57ca34b945114ab12e9d6ab72f798ed9fe101
SHA256: 3953d9fb50481c4c1ac15d7032a6977551764743f84d94d10f5202be164f00f2
SHA512: 1893ea7fb7e60a507962ed7efb620478f734f230f1b1f8a6a8541f79dec575dff852b74363048661b9a7de3106593d190846e7edd42da9ba31125fc249497f5d
SSDEEP: 49152:BM3dbEnmZgJH6iADNsNn/3JQErFu/fEHHhF/poL9WpTo5pp9P:BOdbEnMgJaB5mn/3JQf/snXpi9WpToZt
Signatures
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
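The two drive-related signatures together describe the spreading step: enumerate every volume root and plant an autorun.inf that launches a copy of the malware. The Python below is an added example, not code from the report, showing the check a responder would run against mounted volumes: it looks for autorun.inf in each root, parses the [autorun] section for the keys that launch a program, and hashes whatever those keys point at so the result can be compared with the sample's SHA256 above. To run offline it builds a throw-away directory tree standing in for two drive roots; the autorun.inf contents and the file name xkqwe.exe in it are constructed for the demonstration and are not indicators from the report.

```python
"""Find autorun.inf files on volume roots and report what they would launch.
Added example; the directory tree and autorun.inf below are constructed."""
import configparser
import hashlib
import tempfile
from pathlib import Path

# SHA256 of the analysed sample, copied from the report above.
REPORT_SHA256 = "3953d9fb50481c4c1ac15d7032a6977551764743f84d94d10f5202be164f00f2"

# [autorun] keys that make Windows Autorun execute something.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")


def parse_autorun(path):
    """Return the launch entries ("key=value") from an autorun.inf, [] if none."""
    # Lenient parser: no %-interpolation (icon= lines contain %SystemRoot%), tolerate
    # duplicate keys and keyless junk lines that droppers sometimes pad the file with.
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    try:
        cp.read(path, encoding="latin-1")
    except configparser.Error:
        return ["<unparseable autorun.inf>"]
    if not cp.has_section("autorun"):
        return []
    return [f"{k}={v or ''}" for k, v in cp.items("autorun") if k.lower() in LAUNCH_KEYS]


def referenced_targets(root, launches):
    """SHA256 of each launched file that actually exists on the volume."""
    out = {}
    for entry in launches:
        _, _, value = entry.partition("=")
        tokens = value.strip().split()
        name = tokens[0] if tokens else ""
        target = Path(root) / name
        if name and target.is_file():
            out[name] = hashlib.sha256(target.read_bytes()).hexdigest()
    return out


def scan_volume_roots(roots):
    """One finding per root that carries an autorun.inf."""
    findings = []
    for root in roots:
        inf = Path(root) / "autorun.inf"
        if not inf.is_file():
            continue
        launches = parse_autorun(inf)
        targets = referenced_targets(root, launches)
        findings.append({
            "root": str(root),
            "launches": launches,
            "targets": targets,
            "matches_report": REPORT_SHA256 in targets.values(),
        })
    return findings


def demo():
    """Constructed stand-in for drive roots D: (infected) and E: (clean)."""
    base = Path(tempfile.mkdtemp(prefix="autorun_demo_"))
    infected, clean = base / "D", base / "E"
    infected.mkdir()
    clean.mkdir()
    # Constructed autorun.inf in the shape Windows honours; xkqwe.exe is a made-up name.
    (infected / "autorun.inf").write_text(
        "[autorun]\n"
        "some padding line without a delimiter\n"
        "open=xkqwe.exe\n"
        "shellexecute=xkqwe.exe\n"
        "icon=%SystemRoot%\\system32\\shell32.dll,4\n",
        encoding="latin-1",
    )
    (infected / "xkqwe.exe").write_bytes(b"MZ")  # constructed placeholder, not the sample
    return scan_volume_roots([infected, clean])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a live Windows host the roots would come from the mounted volume list rather than a temp directory; the matches_report flag is what tells you whether the launched file is this specific sample or a different payload.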
MITRE ATT&CK Matrix (ATT&CK v13)
Tactic               | Technique                         | Sub-technique                | Count
Privilege Escalation | Create or Modify System Process   | Windows Service              | 1
Privilege Escalation | Abuse Elevation Control Mechanism | Bypass User Account Control  | 1
Defense Evasion      | Modify Registry                   |                              | 5
Defense Evasion      | Abuse Elevation Control Mechanism | Bypass User Account Control  | 1
Defense Evasion      | Impair Defenses                   | Disable or Modify Tools      | 3