General
- Target: 179550d8db74726e449f6d3ffc9734b43c88d21d20bb03e554b3009c25b74c5f
- Size: 1.0MB
- Sample: 240629-brmsda1apr
- MD5: 9a1c42042be407c78e3f1ff570a390a7
- SHA1: 0a44e081d37310cf72f0a86464107a7c402a1b1f
- SHA256: 179550d8db74726e449f6d3ffc9734b43c88d21d20bb03e554b3009c25b74c5f
- SHA512: 78b4dbed8490404140dc1dc3e3ef4667e7c81b0dfcd2d82f5e8428788406a924e04ee015928430d7d5c075cae356266cf73628e51063285306bc350e72a58534
- SSDEEP: 24576:l7H7f78khm7l72B2J797fqZ7f9HCrO0fmbGD4uz/cFDy:l7H7f7857l72BQ797y71HCrc/uzEo
Static task: static1
Behavioral task: behavioral1
- Sample: 179550d8db74726e449f6d3ffc9734b43c88d21d20bb03e554b3009c25b74c5f.exe
- Resource: win7-20240220-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: 179550d8db74726e449f6d3ffc9734b43c88d21d20bb03e554b3009c25b74c5f
- Modifies firewall policy service
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process: 1
  - Windows Service: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
Defense Evasion
- Modify Registry: 5
- Impair Defenses: 4
  - Disable or Modify Tools: 3
  - Disable or Modify System Firewall: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1