General
Target: 3fdbef7cbaaa5ad1d15d3ecd6f54f5d875d3296737579689148b8798033a2b0cN
Size: 199KB
Sample: 240930-tqj9zayckf
MD5: bdd219ed9e9cb4ba6566a02591bc0890
SHA1: d441b327479a6fb1224911a1e2ff80b979aca0bf
SHA256: 3fdbef7cbaaa5ad1d15d3ecd6f54f5d875d3296737579689148b8798033a2b0c
SHA512: b44e80f9b96b9df4dd090b6a026496373219e1ef2bac93928787e8c7200f1781ac66501c2cb1581979ca2d2c6f48583ac7c8a8334e01e723f313d6f74f9e1f6c
SSDEEP: 6144:VNZZmX5Q50rp7OilBzXhSjkPmKzMmin0p0:VNCXu50rROCNSjgmKIse
Static task: static1
Behavioral task: behavioral1
  Sample: 3fdbef7cbaaa5ad1d15d3ecd6f54f5d875d3296737579689148b8798033a2b0cN.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 3fdbef7cbaaa5ad1d15d3ecd6f54f5d875d3296737579689148b8798033a2b0cN.exe
  Resource: win10v2004-20240802-en
Behavioral task: behavioral3
  Sample: dqbqm.exe
  Resource: win7-20240903-en
Behavioral task: behavioral4
  Sample: dqbqm.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: sality
Extracted: lokibot
Targets
Target: 3fdbef7cbaaa5ad1d15d3ecd6f54f5d875d3296737579689148b8798033a2b0cN
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
Target: dqbqm.exe
Size: 4KB
MD5: 9e97fa67ee2f72bd5fe817b69e7052aa
SHA1: 310a10f5be2ec6a26f1290cbddc31617b21dd6ab
SHA256: cf4c39eb098cf3ef872c73963061fae1e99cf60d3e3014f22c7ed65d5d2abd26
SHA512: 10aa5eb2cddb998aef08cdb609d86aefdd55039eee70e14aae53ae557957c060b54f52cbfcfd5d5e64719ad122769b445da43ad63d89ae2a943c0b24fb6d18f4
SSDEEP: 48:vpgo2oIoUY39jJFQhHheIPiceulG8KvAGI3V6TIkt/tYmR:BPllhJKPxlgAGI38trVR
Score: 3/10
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)