General
Target: 2024-11-09_6cecaa8c6a1244c3f1223e93a19198f5_avoslocker_floxif_luca-stealer_magniber_revil
Size: 28.0MB
Sample: 241109-pnxeasvara
MD5: 6cecaa8c6a1244c3f1223e93a19198f5
SHA1: 49ffaba21859495a56a5b28450e743fecb8fb08b
SHA256: 6960e9ed1805b9fa758ddd6b9c15a90127403376f0dcbfa2b3529d64b0f1b59f
SHA512: 5a47251fcd08bee2a8019650b80763b63e4274f4e1364b9098c9ddbd7edd46a9c027c536e8ca68962f6295a778047a0c6a00c306f5ca8054cb30b16b611e6213
SSDEEP: 393216:7wMgcWarkjNiqnapCGe7aAZBUdxgWHpi4+kAgYWqarqNW7fOkpSwA/BE:kMrkDnapDd2WHp7gC7xCa
Static task: static1
Behavioral task: behavioral1
Sample: 2024-11-09_6cecaa8c6a1244c3f1223e93a19198f5_avoslocker_floxif_luca-stealer_magniber_revil.exe
Resource: win7-20240903-en
Malware Config
Extracted family: sality
C2 URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
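The extracted C2 list is most useful as a host-level indicator: Sality beacons vary the path (home.gif, testo5/), so matching on the full URL misses traffic. The following is an added example, not part of the sandbox report, that turns the URLs above into IP and domain indicators and runs them over constructed Squid-style proxy log lines (the log format, client addresses and every line in SAMPLE_LOG are invented for illustration). Subdomains of a listed domain count as hits; a lookalike that merely ends in the same characters does not.

```python
"""Match the Sality C2 indicators from the extracted config against proxy logs.

Added example for this report; not part of the sandbox output. The log lines
below are constructed (Squid native access.log layout) purely for illustration.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# The C2 URLs exactly as listed in the extracted Sality config above.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def extract_hosts(urls):
    """Split the URL list into a set of IP literals and a set of bare domains.

    Matching on the host rather than the full URL matters: the config shows
    several paths (home.gif, testo5/), so an exact-URL indicator misses beacons.
    """
    ips, domains = set(), set()
    for url in urls:
        host = urlsplit(url).hostname  # already lowercased by urlsplit
        if not host:
            continue
        try:
            ips.add(str(ipaddress.ip_address(host)))
        except ValueError:  # not an IP literal, treat as a domain
            domains.add(host[4:] if host.startswith("www.") else host)
    return ips, domains


def host_matches(host, ips, domains):
    """True if host is a listed IP, a listed domain, or a subdomain of one."""
    host = host.lower().rstrip(".")
    if host in ips:
        return True
    if host.startswith("www."):
        host = host[4:]
    # The leading dot stops a lookalike such as notkukutrustnet777.info
    # from matching kukutrustnet777.info by suffix alone.
    return any(host == d or host.endswith("." + d) for d in domains)


# Squid native format: ts elapsed client status/code bytes method url ...
LOG_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<src>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def scan_log(lines, ips, domains):
    """Return (client, host, url) for every request to a listed C2 host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        # CONNECT requests log "host:port" instead of a full URL.
        host = urlsplit(url).hostname if "://" in url else url.split(":")[0]
        if host and host_matches(host, ips, domains):
            hits.append((m.group("src"), host, url))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "1731150000.123    120 10.0.0.5 TCP_MISS/200 512 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.10 image/gif",
    "1731150001.456     98 10.0.0.5 TCP_MISS/404 310 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
    "1731150002.789    140 10.0.0.7 TCP_MISS/200 640 GET http://cdn.kukutrustnet987.info/logo.png - HIER_DIRECT/203.0.113.11 image/png",
    "1731150003.012     75 10.0.0.9 TCP_HIT/200 4096 GET http://www.example.com/ - HIER_NONE/- text/html",
    "1731150004.345   2100 10.0.0.5 TCP_TUNNEL/200 8192 CONNECT kukutrustnet777888.info:443 - HIER_DIRECT/203.0.113.12 -",
    "1731150005.678    110 10.0.0.9 TCP_MISS/200 512 GET http://notkukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.13 image/gif",
]


def run_example():
    """Scan the constructed log with the indicators from C2_URLS."""
    ips, domains = extract_hosts(C2_URLS)
    return scan_log(SAMPLE_LOG, ips, domains)


if __name__ == "__main__":
    for client, host, url in run_example():
        print(f"{client} -> {host}  ({url})")
```

Running it flags four of the six constructed lines: the exact URL, the IP-only request, a subdomain with a different path, and a CONNECT tunnel; the unrelated host and the lookalike domain are left alone. Point the same functions at a real proxy or DNS export to find hosts that reached this sample's infrastructure.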
Targets
Target: 2024-11-09_6cecaa8c6a1244c3f1223e93a19198f5_avoslocker_floxif_luca-stealer_magniber_revil
Signatures:
Modifies firewall policy service
Sality family
MITRE ATT&CK Enterprise v15 (the number after each technique is the count reported alongside it)
Privilege Escalation (TA0004)
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
Defense Evasion (TA0005)
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Impair Defenses (T1562): 4
    Disable or Modify System Firewall (T1562.004): 1
    Disable or Modify Tools (T1562.001): 3
  Modify Registry (T1112): 5