General
- Target: ca39977d2c63551e523b49bba341434d7bd1de45a5dc78e7102f2854d21f3e95
- Size: 175KB
- Sample: 240518-cvk9dsfh4z
- MD5: 6a61a3d7d8ea4a373a2b71d50f166882
- SHA1: bf3d7a162624857a267e197dbd745b120dba239c
- SHA256: ca39977d2c63551e523b49bba341434d7bd1de45a5dc78e7102f2854d21f3e95
- SHA512: 48f5ac05f965713515c8b00c5b84e72fa2d109deac8c2235bda191661ec208dabd2f991636bd0859170fc16873a595315b61f306d6bec327210422e7efb5ad69
- SSDEEP: 3072:aftffjmNaftffjmNmcoa3b9OBFhfY6XHNNTGkZm1MOTLjAimZcoa3b9OBF:aVfjmNaVfjmNm+BOBbfY6XHjSkZmGgje
- Static task: static1
- Behavioral task: behavioral1
- Sample: ca39977d2c63551e523b49bba341434d7bd1de45a5dc78e7102f2854d21f3e95.exe
- Resource: win7-20240508-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Modifies firewall policy service
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (3): Disable or Modify Tools (3)