General
- Target: 54dc2ed54bf0aa11e0ad1e3bd6907b78b8e15255c462758f148e03d34508da2a
- Size: 120KB
- Sample: 240628-1k9q1awckl
- MD5: baa2dcd480a0adebf87f06340f11169d
- SHA1: e5288e62a356b0f88d59e180dbcd8be36a033c33
- SHA256: 54dc2ed54bf0aa11e0ad1e3bd6907b78b8e15255c462758f148e03d34508da2a
- SHA512: 62780aec25412fd702c2e56788df133b27c0359226b6a323a6085458c5b393e4d4c6f3787220d2aac34b98b1b11c20875720555e46f9848c6a82b26f563e06e5
- SSDEEP: 3072:SiD0yNHqF9JtaWTWNmxs/CQd6FFtbpoYFTCzAvVXALfnDK:SmHCJsNDq3doYF+zcALfDK
Static task: static1
Behavioral task: behavioral1
- Sample: 54dc2ed54bf0aa11e0ad1e3bd6907b78b8e15255c462758f148e03d34508da2a.dll
- Resource: win7-20240221-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 54dc2ed54bf0aa11e0ad1e3bd6907b78b8e15255c462758f148e03d34508da2a
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process: 1
- Windows Service: 1
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
Defense Evasion
- Modify Registry: 5
- Impair Defenses: 4
- Disable or Modify Tools: 3
- Disable or Modify System Firewall: 1
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1