General
Target: FlashPlayerDownloadManager.exe
Size: 263KB
Sample: 250316-114vpa1tgx
MD5: d99f84dbc10c1bdf979d330a092dc046
SHA1: 553a7afd08be4fb8880e9c7d0065e1fce3645f38
SHA256: ce958e0fed577192e6d4a5ed1985acfe87e40b7c1527e7d6c93d745edde254a3
SHA512: a82b0fcad2e3672ee80e8397248bd5c6e73ab816eebed663bbf29f049a73cd8f3b86f3a01fc018f467db06275f4fed2ba857cb5dfed415f683f80ae69de342fb
SSDEEP: 3072:3nlVICUkLrGGTINTBfkIBaTMRWpodlTcEc25u5kD6kFvnb9:3nXMkx8NTBcBT+dl4EfuSDRFp
Static task: static1
Behavioral task: behavioral1
  Sample: FlashPlayerDownloadManager.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: FlashPlayerDownloadManager.exe
  Resource: win10v2004-20250314-en
Malware Config
Extracted family: sality
Targets
Target: FlashPlayerDownloadManager.exe
Signatures
- Chaos Ransomware
- Chaos family
- Modifies firewall policy service
- Sality family
- UAC bypass
- Windows security bypass
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (7)