Overview

overview

10

Static

static

10

92796e61f7...ff.dll

windows7_x64

1

92796e61f7...ff.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    92796e61f7a47521210edfc5e7e2004975ede13b836787b07dde85f80750b0ff

  • Size

    136KB

  • Sample

    220201-l18rbadbc7

  • MD5

    41db0c2202d64e967fd6789f00c576fa

  • SHA1

    9dfce70fded4f3bc2aa50ca772b0f9094b7b1fb2

  • SHA256

    92796e61f7a47521210edfc5e7e2004975ede13b836787b07dde85f80750b0ff

  • SHA512

    d2624e7a1dbeeab9c47f682389f5244ecc703dbf9cd351e2ffa0b1b79fe786fb533416609cd386c44c5f3e89f38140898a4dbc2af0a308f10987cc3c5ec085ba

Score
10/10
anchordnsbackdoorpersistence

Malware Config

Targets

    • Target

      92796e61f7a47521210edfc5e7e2004975ede13b836787b07dde85f80750b0ff

    • Size

      136KB

    • MD5

      41db0c2202d64e967fd6789f00c576fa

    • SHA1

      9dfce70fded4f3bc2aa50ca772b0f9094b7b1fb2

    • SHA256

      92796e61f7a47521210edfc5e7e2004975ede13b836787b07dde85f80750b0ff

    • SHA512

      d2624e7a1dbeeab9c47f682389f5244ecc703dbf9cd351e2ffa0b1b79fe786fb533416609cd386c44c5f3e89f38140898a4dbc2af0a308f10987cc3c5ec085ba

    Score
    10/10
    persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Sets service image path in registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks