Overview

overview

10

Static

static

10

bc1429bf4a...88.dll

windows7_x64

1

bc1429bf4a...88.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bc1429bf4af71b89c060feaa6eff695e579818da77d15c271b20f603222bb688

  • Size

    135KB

  • Sample

    220201-l1kpgsdba7

  • MD5

    518d60555589b60095fc393b3f680555

  • SHA1

    0223b5cd97a941579381690a5c5ae4b2ee435271

  • SHA256

    bc1429bf4af71b89c060feaa6eff695e579818da77d15c271b20f603222bb688

  • SHA512

    2eee3ac7a25efa739f5de56cf734be5f740f21fd62de3bfc4b3b4cc8cc814ee74ef602fe0d124772cda4db88526ff7da0652480ee2d7cc348b7651e688158d70

Score
10/10
anchordnsbackdoorpersistence

Malware Config

Targets

    • Target

      bc1429bf4af71b89c060feaa6eff695e579818da77d15c271b20f603222bb688

    • Size

      135KB

    • MD5

      518d60555589b60095fc393b3f680555

    • SHA1

      0223b5cd97a941579381690a5c5ae4b2ee435271

    • SHA256

      bc1429bf4af71b89c060feaa6eff695e579818da77d15c271b20f603222bb688

    • SHA512

      2eee3ac7a25efa739f5de56cf734be5f740f21fd62de3bfc4b3b4cc8cc814ee74ef602fe0d124772cda4db88526ff7da0652480ee2d7cc348b7651e688158d70

    Score
    10/10
    persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Sets service image path in registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks