General
-
Target
5fbdf8ec2016bd1182896f1dda346d12af71fb3fbfdca4ae7f9d0266151dbd2e.exe
-
Size
176KB
-
Sample
240519-mjvnssec7z
-
MD5
0e8acf4f2931765ede72461518632120
-
SHA1
f5d5c4b54584014c1c5d6c8b7f936e286b2d86b1
-
SHA256
5fbdf8ec2016bd1182896f1dda346d12af71fb3fbfdca4ae7f9d0266151dbd2e
-
SHA512
99e8819ae3ef4a27de5a1faab97407e90f4a2f67b9ab5228a3c79dd6e6fb2ab0bc0041e77134f3fe6820557d1c063378227bbc47d09433fa0bb5a28bf43ae8a3
-
SSDEEP
3072:kVJvcLqR7QAJJ+JwBVWWvMaRDr0td4LVXA:ZLq1nvRDr+d4JA
Static task
static1
Behavioral task
behavioral1
Sample
5fbdf8ec2016bd1182896f1dda346d12af71fb3fbfdca4ae7f9d0266151dbd2e.exe
Resource
win7-20231129-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
5fbdf8ec2016bd1182896f1dda346d12af71fb3fbfdca4ae7f9d0266151dbd2e.exe
-
Size
176KB
-
MD5
0e8acf4f2931765ede72461518632120
-
SHA1
f5d5c4b54584014c1c5d6c8b7f936e286b2d86b1
-
SHA256
5fbdf8ec2016bd1182896f1dda346d12af71fb3fbfdca4ae7f9d0266151dbd2e
-
SHA512
99e8819ae3ef4a27de5a1faab97407e90f4a2f67b9ab5228a3c79dd6e6fb2ab0bc0041e77134f3fe6820557d1c063378227bbc47d09433fa0bb5a28bf43ae8a3
-
SSDEEP
3072:kVJvcLqR7QAJJ+JwBVWWvMaRDr0td4LVXA:ZLq1nvRDr+d4JA
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
6