anchordns | 6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c

Sharing

Copy URL

Twitter E-mail

General

Target

6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c
Size

305KB
MD5

b21646d0e17312079f3e509d5e5a7830
SHA1

8beef55eee4608afe013741033f060c8f47804b5
SHA256

6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c
SHA512

e78421c6b1284f0c715a53d3fa59e403afb4ecddfee3e0259da9303565f583edf1694cc586715a1084b335da87073001e0f3e222493a8000cb1f55f457cb643a
SSDEEP

3072:DmmCnB8TGfAqM0FhHY1peaKPP4DZEYVyLm5IqPy1tMB/tzvs3NSywS6:vC4ChHAs/PMZbYLkby1OKgywS6

Score

10^/10

backdoor anchordns

Malware Config

Signatures

Anchordns family
anchordns

Detected AnchorDNS Backdoor 1 IoCs

Sample triggered yara rules associated with the AnchorDNS malware family.

backdoor

resource	yara_rule
sample	family_anchor_dns

Files

6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c
.exe windows x64

9f4d11b9d1e1bf849d9ba2486bb3e69d

Code Sign

06:27:e6:3c:fa:11:17:45:84:28:d3:92:df:aa:8d:ae
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-10-2019 00:00

Not After

28-09-2020 12:00

Subject

SERIALNUMBER=2884716-6,CN=Biller FIN Oy,O=Biller FIN Oy,L=Tampere,C=FI,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024649

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:eb:10:f8:07:71:f1:aa:2c:3a:16:ce:2e:bc:98:41:08:88:e3:01
Signer

Actual PE Digest

ad:eb:10:f8:07:71:f1:aa:2c:3a:16:ce:2e:bc:98:41:08:88:e3:01

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=2884716-6,CN=Biller FIN Oy,O=Biller FIN Oy,L=Tampere,C=FI,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024649

28-01-2022 14:03
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

ws2_32

WSAGetLastError
htonl

kernel32

WriteConsoleW
CreateFileW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
SetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetLocalTime
LocalFree
GetLastError
Sleep
GetTickCount64
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
WideCharToMultiByte
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f4d11b9d1e1bf849d9ba2486bb3e69d

Code Sign

06:27:e6:3c:fa:11:17:45:84:28:d3:92:df:aa:8d:aeCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

ad:eb:10:f8:07:71:f1:aa:2c:3a:16:ce:2e:bc:98:41:08:88:e3:01Signer

Signature Validations

Verification

28-01-2022 14:03 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

ws2_32

kernel32

Sections

.text Size: 143KB - Virtual size: 143KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 2KB - Virtual size: 1KB

06:27:e6:3c:fa:11:17:45:84:28:d3:92:df:aa:8d:ae
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

ad:eb:10:f8:07:71:f1:aa:2c:3a:16:ce:2e:bc:98:41:08:88:e3:01
Signer

28-01-2022 14:03
Valid: false

.text
Size: 143KB - Virtual size: 143KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 2KB - Virtual size: 1KB