General
Target: 014d9bb8a848c04a7cc16030942042f5c6e7d7c312ee939b5f3a0fb9273b3a9a
Size: 798KB
Sample: 241015-1dq1bayare
MD5: 9bc31e0832cc9203159b50c80c442604
SHA1: f34f0d31f4906fdd903532c4cc790ed9acec868a
SHA256: 014d9bb8a848c04a7cc16030942042f5c6e7d7c312ee939b5f3a0fb9273b3a9a
SHA512: 078b0a94e38a4d44c1a30c1dc240383b698b1541149efa36b3bdfac5e9c20b7f11f3115cb9ca26147438d7b25a308384f4d8b103ad2ee14a75da7466d0219339
SSDEEP: 12288:oWuD+tBznOVqoNq+Otn78KKufxls5P0mn5Od1Dz5Od1Dt1w4goDbzGo:oWuDqNY/Ot72yzyta4gojR
Static task: static1
Behavioral task: behavioral1
Sample: 014d9bb8a848c04a7cc16030942042f5c6e7d7c312ee939b5f3a0fb9273b3a9a.exe
Resource: win7-20240903-en
Malware Config
Extracted family: sality
URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 014d9bb8a848c04a7cc16030942042f5c6e7d7c312ee939b5f3a0fb9273b3a9a
Size: 798KB
- Modifies firewall policy service
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)
- Pre-OS Boot (1)
  - Bootkit (1)