General
- Target: 2d121ea1219cd013d36149a1166995b1e472d9b607a074625240006921990022
- Size: 120KB
- Sample: 240701-yr3j6azhql
- MD5: 4b88e4c297ba62173831d9663e7b25c6
- SHA1: 223305e0105b08f7393774b8dc85b90e36b788cc
- SHA256: 2d121ea1219cd013d36149a1166995b1e472d9b607a074625240006921990022
- SHA512: 3297d27c2679c67aaf5481fe0e3093023aa59bd1fd362f4b46fbd67973c14399c9fb5d97c2f99b042d73a026d324ad628336337eeb6786791013f580438faf02
- SSDEEP: 3072:tkJM+dd6zp8AxQxQT5wbzqXKLL1941AQv6SwDj1RvcVV:WZK98PS6EKLh941xv6jDj1Rk
Static task: static1
Behavioral task: behavioral1
- Sample: 2d121ea1219cd013d36149a1166995b1e472d9b607a074625240006921990022.dll
- Resource: win7-20240508-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Impair Defenses (4): Disable or Modify Tools (3), Disable or Modify System Firewall (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)