anchordns | fa0977ebb108a965239edddcf2d3bc2e45865df289a9aa448e78cca956d52d96 | Triage

Submit
Reports

Overview

overview

Static

static

546bf4fc68...4a.exe

windows7_x64

546bf4fc68...4a.exe

windows10_x64

Sharing

General

Target

5648194998534144.zip
Size

262KB
Sample

210726-tavc2wghwx
MD5

144ec45a61f2c058fc81b741c03220b7
SHA1

9155ff82a4743ceb8adcae1d42062c7fd9012c6c
SHA256

fa0977ebb108a965239edddcf2d3bc2e45865df289a9aa448e78cca956d52d96
SHA512

2a5ed87a05dc0f36f1779b507a7c8b23964f66cd0601cf7a368747bcff45a6a0b0be42e1d3bd2f8ea86086486e532e913fc91f5984e88c6b7434eb1eb0f41766

Score

10^/10

anchordns backdoor discovery persistence spyware stealer suricata

Static task

static1

backdoor anchordns

Behavioral task

behavioral1

Sample

546bf4fc684c5d1e17b204a28c795a414124335b6ef7cbadf52ae8fbadcb2a4a.exe

Resource

win7v20210410

anchordns backdoor suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

546bf4fc684c5d1e17b204a28c795a414124335b6ef7cbadf52ae8fbadcb2a4a.exe

Resource

win10v20210408

anchordns backdoor discovery persistence spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  546bf4fc684c5d1e17b204a28c795a414124335b6ef7cbadf52ae8fbadcb2a4a
- Size
  
  474KB
- MD5
  
  3690c361f7f2bdb1d1aed67c142bb90b
- SHA1
  
  028c7c3bc26376fb1680547c26ab9da0b93371c9
- SHA256
  
  546bf4fc684c5d1e17b204a28c795a414124335b6ef7cbadf52ae8fbadcb2a4a
- SHA512
  
  178a6c1fc442c6cb3896e64bc991dba692b521fe0c060851e82048d1494f8e72f6f668e35e341997754e1ffcca3289039b974ee48269045c57aead43efa5ea9e
Score

10^/10

anchordns backdoor suricata discovery persistence spyware stealer
- AnchorDNS Backdoor
  A backdoor which communicates with C2 through DNS, attributed to the creators of Trickbot and Bazar.
  backdoor anchordns
- Detected AnchorDNS Backdoor
  Sample triggered yara rules associated with the AnchorDNS malware family.
  backdoor
- suricata: ET MALWARE Anchor_DNS Trickbot DNS CnC Command - Sending Data
  suricata
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

backdooranchordns

behavioral1

anchordnsbackdoorsuricata

behavioral2

anchordnsbackdoordiscoverypersistencespywarestealersuricata

© 2018-2025

Terms | Privacy