General
-
Target
7a5938a45f46ce30e329dfc56fb474aff7ac84c5c449bcbcbc3a16e4ac4fd39d
-
Size
1.9MB
-
Sample
240519-w525fabg9t
-
MD5
1c799a878cd00bbfe40f9efd23d84111
-
SHA1
20237045d9c1f27aa7418ac28268219405c97f50
-
SHA256
7a5938a45f46ce30e329dfc56fb474aff7ac84c5c449bcbcbc3a16e4ac4fd39d
-
SHA512
f3775333cf2dff6b81a9b0c020b24bf02001134a6fb6c9a8221dc54e480a0127143de747d1f61744bb58755291f1612bc2b28308418502aca5ffd5fdcecff86b
-
SSDEEP
49152:Xngc+CcwSunYh069wHNOw5iLZyyGwjRslmHPX2+:XngDCZHZQwHNO24jRsIHPm+
Static task
static1
Behavioral task
behavioral1
Sample
7a5938a45f46ce30e329dfc56fb474aff7ac84c5c449bcbcbc3a16e4ac4fd39d.exe
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1): Windows Service (1)
  Pre-OS Boot (1): Bootkit (1)
Privilege Escalation
  Create or Modify System Process (1): Windows Service (1)
  Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
  Modify Registry (5)
  Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
  Impair Defenses (3): Disable or Modify Tools (3)
  Pre-OS Boot (1): Bootkit (1)