General
Target: 8484b7f2018cb463514aa33de8c5f17942efcf9b36ce0f7e7941e8aa9af1d6a2
Size: 1.2MB
Sample: 240525-t54bdsag4w
MD5: 9f620be412f0aa3ea2a17b6e74a86248
SHA1: 28cc31d9bdcb98d0ffdd811e42b599e8eaf0cc38
SHA256: 8484b7f2018cb463514aa33de8c5f17942efcf9b36ce0f7e7941e8aa9af1d6a2
SHA512: d85de2ff1a1569223a59a2156b87e5fa16bcac98c572764bc20f62bb6f723ea6a13c66585006ef59a0bde0fa90d6a360a73f9cf92f06699ca3396a5829357199
SSDEEP: 24576:nqo1V4IDQ1rThff+r/ibJIRYP6h953+VlLExqWXTHRyWtv4r6P574X:nqoTDerQKw3+vExqWXTxyWF4r6P574X
Static task: static1
Behavioral task: behavioral1
Sample: 8484b7f2018cb463514aa33de8c5f17942efcf9b36ce0f7e7941e8aa9af1d6a2.exe
Resource: win7-20240220-en
Malware Config
Extracted: sality
C2 URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: 8484b7f2018cb463514aa33de8c5f17942efcf9b36ce0f7e7941e8aa9af1d6a2 (1.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP values are the same as listed under General)
- Modifies firewall policy service
- Executes dropped EXE
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (5)