General
-
Target
5bfc2c9fa92025c8353e887c64796110N.exe
-
Size
564KB
-
Sample
240726-1pcbaszenh
-
MD5
5bfc2c9fa92025c8353e887c64796110
-
SHA1
c9406a3387b30c15e1997746832a1e6a3b396db6
-
SHA256
ecfacdf9186ee26b063dfa26161a07643838d9d89a457b19aaf8e84494a2be09
-
SHA512
a1ed9651c0b23bb6383b38237bbcaf3ddbd91800b773a1ba2977ab3983e91d752478360171a58728fd23e5670d978a302c35437cc35dd46436948a9c2631aea4
-
SSDEEP
12288:tehnaNPpSVZmNxRCwnwm3W3OHIIf5m9RhWFVv:teh0PpS6NxNnwYeOHXAhWTv
Static task
static1
Behavioral task
behavioral1
Sample
5bfc2c9fa92025c8353e887c64796110N.dll
Resource
win7-20240704-en
Malware Config
Extracted
sality
Targets
-
Target
5bfc2c9fa92025c8353e887c64796110N.exe
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism 1
Bypass User Account Control 1
Create or Modify System Process 1
Windows Service 1
Defense Evasion
Abuse Elevation Control Mechanism 1
Bypass User Account Control 1
Impair Defenses 4
Disable or Modify System Firewall 1
Disable or Modify Tools 3
Modify Registry 6