General
- Target: 7zipInstall
- Size: 1.7MB
- Sample: 240916-y2xrnaxgpp
- MD5: 2f1c289f01194fd6bc6308625890cd12
- SHA1: b02e5d248908f52c06339d53ed45f0e138262685
- SHA256: 224b65935f96db7d2a4696db4bf5f6ce539879e3f887d1e281d8fcfbe3da3da0
- SHA512: f59f69a49f2a08c121944dc0a82fd71d7ca574e5d3d4e2b26991f3340f4cf50349ddcc2a8740bcfabcec7828df78b01a6ca72a69ef3fa41ae6544cf0b0630df1
- SSDEEP: 49152:4DsaqltwW/jlSQ9T235RQ0vgBj+yxKVgzQqFJbx9:4DsflD/jlSQMY9xK61FJV9
Static task: static1
Behavioral task: behavioral1
- Sample: 7zipInstall.exe
- Resource: win7-20240903-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: 7zipInstall (size and hashes identical to the General section above)
- Modifies firewall policy service
- Detects Floxif payload
- ACProtect 1.3x - 1.4x DLL software: detects a file packed with ACProtect software.
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)