General

Target: 2024-06-30_9930184bfe3f2a6e964ebbfcececd585_bkransomware
Size: 520KB
Sample ID: 240630-ysdbnaxcpm
MD5: 9930184bfe3f2a6e964ebbfcececd585
SHA1: 31604a135255898f949b876bd8b3d0be697a5ebe
SHA256: 1969764d05a47d65afe229f2a52b5e9349e0dc0c40e44f63fad24d50f9934e76
SHA512: 4b74abd86d0133e0764a8bd7689375a6e4fc9765496ecbb9f4484d371064f158325c52e732a29a3aa40897cc27b1ca412fd60261c3b6e7c620a4b70cd216a472
SSDEEP: 6144:YoyZmTAsfJFakxaLjcMkc0Cax1PmgGp6bYA0w601+dNT9/0626ASkVOAFAo9WUZn:YoyIJsMPrP6p6bYboEdNLo9R3rz
Static task: static1
Behavioral task: behavioral1
Sample file: 2024-06-30_9930184bfe3f2a6e964ebbfcececd585_bkransomware.exe
Resource (analysis VM image): win7-20240611-en
Malware Config

Extracted family: sality
Note: the detections on this page are for Sality, a polymorphic PE file infector, not for a ransomware family; the "bkransomware" suffix is part of the submitted file name, not a detection.
URLs extracted from the sample's configuration:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
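The hashes and extracted URLs above are the indicators a responder would sweep an estate with. The following script is an added example, not part of the sandbox report or of any Sality tooling: it takes the report's hashes and config URLs as-is, matches the URLs by hostname against a web-proxy log (so that a changed path such as /home.gif does not defeat the match, and so that a host:port form still matches), and matches the hashes case-insensitively against a file-hash inventory such as an EDR export. The proxy log format, the inventory rows and the host names WS-12/WS-31/WS-40 are constructed for the example; only the hashes and URLs come from the page.

```python
"""IOC sweep built from the indicators in this report (added example).

Two checks an incident responder would run with this page in hand:
  1. Did any client in a web-proxy log contact one of the extracted Sality URLs?
  2. Does any file in a hash inventory (EDR/AV export) match the sample's hashes?
All log lines and inventory rows below are constructed for the example.
"""
import re
from urllib.parse import urlparse

# File hashes copied from the report above.
REPORT_HASHES = {
    "md5": "9930184bfe3f2a6e964ebbfcececd585",
    "sha1": "31604a135255898f949b876bd8b3d0be697a5ebe",
    "sha256": "1969764d05a47d65afe229f2a52b5e9349e0dc0c40e44f63fad24d50f9934e76",
}

# URLs copied from the "Malware Config" section above.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def c2_hosts(urls):
    """Reduce the config URLs to lower-cased hostnames. Matching on the host
    rather than the full URL survives path changes and also fits DNS or
    connect logs, which carry no path at all."""
    return {urlparse(u).hostname.lower() for u in urls}


# Constructed proxy log format: "<timestamp> <client-ip> <method> <url> <status>".
# Hypothetical layout chosen for the example; adapt the regex to your proxy.
PROXY_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")

SAMPLE_PROXY_LOG = """\
2024-06-30T12:01:05Z 10.0.0.12 GET http://kukutrustnet888.info/home.gif 200
2024-06-30T12:01:06Z 10.0.0.12 GET http://www.example.com/ 200
2024-06-30T12:02:41Z 10.0.0.31 GET http://89.119.67.154:80/testo5/ 404
2024-06-30T12:03:00Z 10.0.0.31 GET http://kukutrustnet777.info.example.net/x 200
this line is malformed and must be skipped
"""


def sweep_proxy_log(text, urls=C2_URLS):
    """Return (timestamp, client, host) for every request whose hostname is
    exactly one of the C2 hosts. Look-alike hosts that merely contain a C2
    name as a prefix (see the .example.net line above) are not matched."""
    hosts = c2_hosts(urls)
    hits = []
    for line in text.splitlines():
        m = PROXY_LINE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the sweep
        ts, client, _method, url, _status = m.groups()
        host = urlparse(url).hostname  # strips any :port suffix
        if host and host.lower() in hosts:
            hits.append((ts, client, host.lower()))
    return hits


# Constructed hash inventory, in the shape of an EDR "files seen" export.
# Digests are deliberately mixed-case: tools disagree on hex case.
SAMPLE_INVENTORY = [
    {"host": "WS-12", "path": r"C:\Users\bob\AppData\Local\Temp\win3fd.exe",
     "sha256": "1969764D05A47D65AFE229F2A52B5E9349E0DC0C40E44F63FAD24D50F9934E76"},
    {"host": "WS-31", "path": r"C:\Windows\System32\notepad.exe",
     "sha256": "8b0c19ad2b3c9a8be2b8b1c3f4c1f9f2b0a7f0d67a4e3c2e1f0d9c8b7a6f5e4d"},
    {"host": "WS-40", "path": r"C:\tmp\sample.bin",
     "md5": "9930184BFE3F2A6E964EBBFCECECD585"},
]


def match_hashes(inventory, known=REPORT_HASHES):
    """Return (host, path, algorithm) for inventory rows whose digest matches
    the report by any of the listed algorithms, compared case-insensitively."""
    hits = []
    for row in inventory:
        for algo, digest in known.items():
            if row.get(algo, "").lower() == digest:
                hits.append((row["host"], row["path"], algo))
                break  # one hit per row is enough
    return hits


if __name__ == "__main__":
    for hit in sweep_proxy_log(SAMPLE_PROXY_LOG):
        print("C2 contact:", hit)
    for hit in match_hashes(SAMPLE_INVENTORY):
        print("hash match:", hit)
```

Run against the constructed data, the sweep flags the two requests to kukutrustnet888.info and 89.119.67.154 (the latter despite the :80 suffix) and ignores the look-alike kukutrustnet777.info.example.net host, and the hash check flags WS-12 by SHA256 and WS-40 by MD5. For a real sweep, feed the functions your proxy export and EDR hash export and keep the exact-host comparison: a substring match on "kukutrustnet" would catch the look-alike too, but only at the cost of false positives on any unrelated domain that happens to contain the string.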
Targets

Target: 2024-06-30_9930184bfe3f2a6e964ebbfcececd585_bkransomware (520KB; hashes as listed under General above)

Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation (the number after each entry is the count of signatures that mapped to it):
- Create or Modify System Process, T1543: 1
  - Windows Service, T1543.003: 1
- Abuse Elevation Control Mechanism, T1548: 1
  - Bypass User Account Control, T1548.002: 1