General
Target: c1f4b4026ca70d36f74bd1af256aaec0N.exe
Size: 120KB
Sample: 240820-n6plqsvarq
MD5: c1f4b4026ca70d36f74bd1af256aaec0
SHA1: 7c0c8541cf96ceb51fddf55f78138aef254916c0
SHA256: d88784f782338adfd393532f64f18af41d763984487a824d771fe70e35e27b74
SHA512: b056337cfe31db9ea9798774aa1625cb8c99c5336851ff4927a58c87c3c73e1a99964ae6954ae8982d6beb093852c4c81dc246099add5fbebc391c55fc891137
SSDEEP: 3072:r8Ksoef/401GfWvG/K9Cz52hwmu4r/17xOIvs0GwqQmWq:r8Ks/X401rvYqoK1rxcmZZqGq
Static task: static1
Behavioral task: behavioral1
Sample: c1f4b4026ca70d36f74bd1af256aaec0N.dll
Resource: win7-20240708-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
Target: c1f4b4026ca70d36f74bd1af256aaec0N.exe
Size: 120KB
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)