General
Target: R2登录器制作工具(带更新,反外挂,简约皮肤).exe
Size: 2.8MB
Sample: 240705-gpqn5sweje
MD5: 75d53417d21654acbe4565e04a5e3353
SHA1: 18f996da80eee26b0fe48da445586f190aa710bd
SHA256: ecbc34e6b5739a37dc046dfecf8e067eff30b4d1a4bf7531147286fbb45e1be5
SHA512: 91231190df5e55dd5fc330dd39651998206bdae2de91c0274e9a9c3d1c856aaef4031b3a24356c1a4f41abd6f017714f8e45112025f01a24e421747700223307
SSDEEP: 49152:5XWtGqeLA3MUwfOBIDGVV99pM78Q/9tf7D/0aJoYKsaABNTHpSNk50AjOOZALIE:5mreLKyfO24VRM78Q/9hEeobnABNTANF
Behavioral task: behavioral1
Sample: R2登录器制作工具(带更新,反外挂,简约皮肤).exe
Resource: win7-20240704-en

Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
Target: R2登录器制作工具(带更新,反外挂,简约皮肤).exe
Size: 2.8MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are the same values listed under General above.)

Signatures triggered:
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1)
- Windows Service (1)
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Impair Defenses (4)
- Disable or Modify Tools (3)
- Disable or Modify System Firewall (1)
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)