General
Target: 177914300a1dcdbc1e3460dfdce421e7741e485b7b6e3dd8619c35ec16d60beb
Size: 779KB
Sample: 240629-g64bkawanq
MD5: bd8ea337c7cdee0b3c864e4a674b4c54
SHA1: fefe53dca16c7af5b4831d288a67da11f50172da
SHA256: 177914300a1dcdbc1e3460dfdce421e7741e485b7b6e3dd8619c35ec16d60beb
SHA512: 6d19256527a793f86d6bceb6c04499c168528e7b2039830d1012b3f7b0c31603ffb345aaade0838a0d27b6fd825e4f33eeff712b3883dd1558ac299aa3ff247f
SSDEEP: 24576:J7q7j7KwlqqBk07A77wehggc7R7QqK7NT7CiYoeS:J7q7j7KVqG07A7ceJc7R7QqK7NSvFS
Static task: static1
Behavioral task: behavioral1
Sample: 177914300a1dcdbc1e3460dfdce421e7741e485b7b6e3dd8619c35ec16d60beb.exe
Resource: win7-20240508-en
Malware Config
Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: 177914300a1dcdbc1e3460dfdce421e7741e485b7b6e3dd8619c35ec16d60beb
Size: 779KB
- Modifies firewall policy service
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Impair Defenses (4)
  - Disable or Modify Tools (3)
  - Disable or Modify System Firewall (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)