Overview

overview

10

Static

static

10

sample.bin.exe

windows7_x64

10

sample.bin.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample.bin

  • Size

    663KB

  • Sample

    210720-cwrpahg6x6

  • MD5

    faa84badf9eee5c7ab7c727f7ffe2c4f

  • SHA1

    7b7923d89bb8d564b8be409476652d8005e19fba

  • SHA256

    f93b838dc89e7d3d47b1225c5d4a7b706062fd8a0f380b173c099d0570814348

  • SHA512

    42a27e1dc0106c032f1c5b11085573b97c092114d807d354b93788688e2dcd21c30c3d915c5365248ba5b77d155246a1c98d11336d2f16b66d71e0e386b40b63

Score
10/10
anchordnsbackdoor

Malware Config

Targets

    • Target

      sample.bin

    • Size

      663KB

    • MD5

      faa84badf9eee5c7ab7c727f7ffe2c4f

    • SHA1

      7b7923d89bb8d564b8be409476652d8005e19fba

    • SHA256

      f93b838dc89e7d3d47b1225c5d4a7b706062fd8a0f380b173c099d0570814348

    • SHA512

      42a27e1dc0106c032f1c5b11085573b97c092114d807d354b93788688e2dcd21c30c3d915c5365248ba5b77d155246a1c98d11336d2f16b66d71e0e386b40b63

    Score
    10/10
    anchordnsbackdoor

    • AnchorDNS Backdoor

      A backdoor which communicates with C2 through DNS, attributed to the creators of Trickbot and Bazar.

      backdooranchordns

    • Detected AnchorDNS Backdoor

      Sample triggered yara rules associated with the AnchorDNS malware family.

      backdoor

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks