anchordns | d4bee9cf6a3a6b8c8d3e49622c125a9afdbefcb7d9aca3b4b33b73916c6730cc | Triage

Submit
Reports

Overview

overview

Static

static

f93b838dc8...48.exe

windows7_x64

f93b838dc8...48.exe

windows10_x64

Sharing

General

Target

6430014614700032.zip
Size

336KB
Sample

210720-1zn3tf1ega
MD5

eb8b5e2a39f72abadc34ca5f21bc75d2
SHA1

d9172cfb379f2341bf085f0c089ca2a869a97ee3
SHA256

d4bee9cf6a3a6b8c8d3e49622c125a9afdbefcb7d9aca3b4b33b73916c6730cc
SHA512

7c7f2cf967f3de5a991ced3b4f8023cd5c4312fa00f2c06ed860eb71b8e9b76d5ca5557c084656634dcc087d9464758eae011f19f4b7d277b0d9c1b0c264be7f

Score

10^/10

anchordns backdoor

Static task

static1

backdoor anchordns

Behavioral task

behavioral1

Sample

f93b838dc89e7d3d47b1225c5d4a7b706062fd8a0f380b173c099d0570814348.exe

Resource

win7v20210410

anchordns backdoor

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f93b838dc89e7d3d47b1225c5d4a7b706062fd8a0f380b173c099d0570814348.exe

Resource

win10v20210408

anchordns backdoor

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f93b838dc89e7d3d47b1225c5d4a7b706062fd8a0f380b173c099d0570814348
- Size
  
  663KB
- MD5
  
  faa84badf9eee5c7ab7c727f7ffe2c4f
- SHA1
  
  7b7923d89bb8d564b8be409476652d8005e19fba
- SHA256
  
  f93b838dc89e7d3d47b1225c5d4a7b706062fd8a0f380b173c099d0570814348
- SHA512
  
  42a27e1dc0106c032f1c5b11085573b97c092114d807d354b93788688e2dcd21c30c3d915c5365248ba5b77d155246a1c98d11336d2f16b66d71e0e386b40b63
Score

10^/10

anchordns backdoor
- AnchorDNS Backdoor
  A backdoor which communicates with C2 through DNS, attributed to the creators of Trickbot and Bazar.
  backdoor anchordns
- Detected AnchorDNS Backdoor
  Sample triggered yara rules associated with the AnchorDNS malware family.
  backdoor
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

backdooranchordns

behavioral1

anchordnsbackdoor

behavioral2

anchordnsbackdoor

© 2018-2025

Terms | Privacy