General
Target: 491647d7b61df3309fd6f389172a33d6c25edae73b4523b1ad025e9784194ce7
Size: 689KB
Sample: 240630-w1brpavgkm
MD5: 52a0860155906d97838ac445fb91d303
SHA1: b6a2317d54c964e270fb63508b12e0c390f9b06a
SHA256: 491647d7b61df3309fd6f389172a33d6c25edae73b4523b1ad025e9784194ce7
SHA512: 0b2c3da7b07e7ab5ee926aca352fe6fc76007aa0b006efaa23b55db4cae2b362c091839d181a5004f62c1601b966809dd511c638b7448defeba9de1aad030a09
SSDEEP: 12288:5tpyxhomlpOKPjAavqoBWOmNsaBoPvnTEHeK5d:VyxhoUTv5Wtsa0vA+K5
Static task: static1
Behavioral task: behavioral1
Sample: 491647d7b61df3309fd6f389172a33d6c25edae73b4523b1ad025e9784194ce7.exe
Resource: win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 491647d7b61df3309fd6f389172a33d6c25edae73b4523b1ad025e9784194ce7
Modifies firewall policy service
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
  Create or Modify System Process: 1
  Windows Service: 1
  Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1
Defense Evasion
  Modify Registry: 5
  Impair Defenses: 4
  Disable or Modify Tools: 3
  Disable or Modify System Firewall: 1
  Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1