General

Target: bcf3a1358c8a9a7ff917fe27cdac4dc6eb7ef4d4102166498396089ddd5c2664
Size: 120KB
Sample: 240630-bvz7wa1gng
MD5: 158a4ffdc52453ed8b625c64f1db23f6
SHA1: f4bc2b1f9aff0c35111a86c61f6dbde4f80f733a
SHA256: bcf3a1358c8a9a7ff917fe27cdac4dc6eb7ef4d4102166498396089ddd5c2664
SHA512: aa7d8b73a041257e40f3a9460ae1e12724a9bce5b64145382c41d39c4819e970fbb243fa958241dd2f3a5b7e592178c7309d5dc2488005fc77f90b3c9712aa1e
SSDEEP: 3072:i/KlPRxHXU9ldr9BMFlOy1OkIOl76QOrnc/Uw:JPRlkJ9sIkdrOrc/9
Static task: static1
Behavioral task: behavioral1
Sample: bcf3a1358c8a9a7ff917fe27cdac4dc6eb7ef4d4102166498396089ddd5c2664.dll
Resource: win7-20240220-en
Malware Config

Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets

Target: bcf3a1358c8a9a7ff917fe27cdac4dc6eb7ef4d4102166498396089ddd5c2664
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)

Defense Evasion
- Modify Registry (5)
- Impair Defenses (4)
  - Disable or Modify Tools (3)
  - Disable or Modify System Firewall (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)