General

Target: cfbf1ad2434980fb289a153b334ad9f65cf19db903f77eda2563c6ca892a7c69
Size: 543KB
Sample: 240629-2amn6a1eqn
MD5: 57a9cfd170d1e96b318f75fe008f8be0
SHA1: eed39956b07e83fb0b09e8237c1e20eb294eea68
SHA256: cfbf1ad2434980fb289a153b334ad9f65cf19db903f77eda2563c6ca892a7c69
SHA512: 206f17c239ccd9a45bf6c5fdf8b6aa31975c644a03b6b82c80fa380a4fcf23d9c31f89829c0e51d9251d61d6b0f25ac9722b21568b36cc6fde3064435ceab28e
SSDEEP: 6144:SVfjmNFBqBcLb+Vb3aZfhQuSZa5z42qGjZ32D+a48g4vKGggHSawol8Utv55DHtI:s7+b8cveb3aVhQxsURGIgLZ/csbEM/h
Static task: static1
Behavioral task: behavioral1
Sample: cfbf1ad2434980fb289a153b334ad9f65cf19db903f77eda2563c6ca892a7c69.exe
Resource: win7-20240611-en
Malware Config

Extracted
Family: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets

Target: cfbf1ad2434980fb289a153b334ad9f65cf19db903f77eda2563c6ca892a7c69
Size: 543KB
MD5: 57a9cfd170d1e96b318f75fe008f8be0
SHA1: eed39956b07e83fb0b09e8237c1e20eb294eea68
SHA256: cfbf1ad2434980fb289a153b334ad9f65cf19db903f77eda2563c6ca892a7c69
SHA512: 206f17c239ccd9a45bf6c5fdf8b6aa31975c644a03b6b82c80fa380a4fcf23d9c31f89829c0e51d9251d61d6b0f25ac9722b21568b36cc6fde3064435ceab28e
SSDEEP: 6144:SVfjmNFBqBcLb+Vb3aZfhQuSZa5z42qGjZ32D+a48g4vKGggHSawol8Utv55DHtI:s7+b8cveb3aVhQxsURGIgLZ/csbEM/h

- Modifies firewall policy service
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
- Create or Modify System Process: 1
  - Windows Service: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1

Defense Evasion
- Modify Registry: 5
- Impair Defenses: 4
  - Disable or Modify Tools: 3
  - Disable or Modify System Firewall: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1