General
Target: 84568c4803da37677d24a8e3093d9f53f38ca7f051041aa7b939c3778e09e374
Size: 97KB
Sample: 241012-3186hsydqb
MD5: 9d5b93494af485955e693fc17fbde767
SHA1: 0efcf7e1d25adddc06201d4ba517edbce56012dd
SHA256: 84568c4803da37677d24a8e3093d9f53f38ca7f051041aa7b939c3778e09e374
SHA512: b851dc81c5c920c5797812968efd10fe1a9089f5e956ec11efc8466d997d2f18f53753a83d574eca0cc1c90b7ffe4fdaa22571f1ca1c80e8c9fd353748600b9c
SSDEEP: 3072:8jsOsZ5hQ9co/7ijX1tS7EjJqKanai2db2:8W5h6ziX3S7EjJVli2db
Static task: static1
Behavioral task: behavioral1
Sample: 84568c4803da37677d24a8e3093d9f53f38ca7f051041aa7b939c3778e09e374.exe
Resource: win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)