General
-
Target
2024-05-22_c1a6d8bcd536cf7de00bc146a111715f_bkransomware
-
Size
529KB
-
Sample
240522-2tzstscb36
-
MD5
c1a6d8bcd536cf7de00bc146a111715f
-
SHA1
117387008ff4d92631f5e2eaf510c3241d795311
-
SHA256
08e4466e0ee7b93fd4a7aa406070539d64fdac951fd6c73aa8ff0d09318b4021
-
SHA512
a6525706346aa1fdb2034961318762ba45fbfb2c409dadbfd538a23ad85c1f03a8a9032d5dcf1e7934a21668d79555dd8a7150c4d066ac8353809487db063a97
-
SSDEEP
6144:UYrIOXsqmWzJrdc6GJRQUtGUA9PRWLiFSbE56FORFIX1PlMmW:Q2lWRPthA9PRWg9YjMm
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-22_c1a6d8bcd536cf7de00bc146a111715f_bkransomware.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2024-05-22_c1a6d8bcd536cf7de00bc146a111715f_bkransomware
-
Size
529KB
-
MD5
c1a6d8bcd536cf7de00bc146a111715f
-
SHA1
117387008ff4d92631f5e2eaf510c3241d795311
-
SHA256
08e4466e0ee7b93fd4a7aa406070539d64fdac951fd6c73aa8ff0d09318b4021
-
SHA512
a6525706346aa1fdb2034961318762ba45fbfb2c409dadbfd538a23ad85c1f03a8a9032d5dcf1e7934a21668d79555dd8a7150c4d066ac8353809487db063a97
-
SSDEEP
6144:UYrIOXsqmWzJrdc6GJRQUtGUA9PRWLiFSbE56FORFIX1PlMmW:Q2lWRPthA9PRWg9YjMm
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1