General
-
Target
1.0.0.2.exe
-
Size
5.0MB
-
Sample
240705-gpqn5stdnr
-
MD5
ad809738e208d99a28009023546bc695
-
SHA1
3326e4971b5b23122dac680dfb9eb41df0692267
-
SHA256
775939b8bf22ee4999cebd8d9e1525ca9417464b5fe6ed1778f0a7b43d07d6ef
-
SHA512
2c730917acab6344b187a2e208bd0753f78c4afd4804a209b3af034a1c8d90e50f7ebc3a00556bd79dac2fa385c2376622d88ad65f1ef4ee5e8fcce5af23a5cb
-
SSDEEP
98304:k2ONi+29K/WE9PhBGjohAInvqIKofZP5UyeAQQm4OTb12pcFS+fRXN/f0ykSJf+P:k4+SK9hh4M5v9fZP5UNDcOnMp0xN/8dn
Behavioral task
behavioral1
Sample
1.0.0.2.exe
Resource
win7-20240704-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
1.0.0.2.exe
-
Size
5.0MB
-
MD5
ad809738e208d99a28009023546bc695
-
SHA1
3326e4971b5b23122dac680dfb9eb41df0692267
-
SHA256
775939b8bf22ee4999cebd8d9e1525ca9417464b5fe6ed1778f0a7b43d07d6ef
-
SHA512
2c730917acab6344b187a2e208bd0753f78c4afd4804a209b3af034a1c8d90e50f7ebc3a00556bd79dac2fa385c2376622d88ad65f1ef4ee5e8fcce5af23a5cb
-
SSDEEP
98304:k2ONi+29K/WE9PhBGjohAInvqIKofZP5UyeAQQm4OTb12pcFS+fRXN/f0ykSJf+P:k4+SK9hh4M5v9fZP5UNDcOnMp0xN/8dn
-
Modifies firewall policy service
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Impair Defenses
4Disable or Modify Tools
3Disable or Modify System Firewall
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Pre-OS Boot
1Bootkit
1