General
Target: ddf559b3ff64dd4f97fbcdb714bdd5080dee3ec2e05490e02639c4ade47a234c
Size: 120KB
Sample: 240629-ek1x7stdnj
MD5: 0dc89f9b7a17746391e7e9d921696fcb
SHA1: 5ea70ee11755c803f591675c2158b1556a3da4b8
SHA256: ddf559b3ff64dd4f97fbcdb714bdd5080dee3ec2e05490e02639c4ade47a234c
SHA512: 0b546c4328b00e4f8a5487dd970bf59888604f2db191fdef9ab398a7b37994f96c68906bbe3f1bdd4709abec7696bb443973ba58d590596c7e5d704a4a9bf4c0
SSDEEP: 3072:wuY2rvoQC6+YzK+0kmqzJMy9PXTEPXIKY0bxEYB:xoV6+JHkDtR9PYPYP0bxEY
Static task: static1
Behavioral task: behavioral1
Sample: ddf559b3ff64dd4f97fbcdb714bdd5080dee3ec2e05490e02639c4ade47a234c.dll
Resource: win7-20240611-en
Malware Config
Extracted configuration (family: sality)
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Impair Defenses (4)
  - Disable or Modify Tools (3)
  - Disable or Modify System Firewall (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)