Overview

overview

10

Static

static

10

5f49b4e7f7...1d.dll

windows7_x64

1

5f49b4e7f7...1d.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5f49b4e7f7eb260f41776f02600f71acd1283659f3974c62af92ecdba8289d1d

  • Size

    134KB

  • Sample

    220201-l2rjesdbd6

  • MD5

    29465a900924318d4707117e41287ff0

  • SHA1

    9a577e5e5380b40f7d9b4a6fe5a0d8c9e400659e

  • SHA256

    5f49b4e7f7eb260f41776f02600f71acd1283659f3974c62af92ecdba8289d1d

  • SHA512

    19cef069614a1271b6ceebbbb435d6c746c2da32bd8caf014dcd8b3bab4af207640bac5ab2440f8dada28de45cd643e7c84b1e0c4e37df9ae407c3443e733426

Score
10/10
anchordnsbackdoorpersistence

Malware Config

Targets

    • Target

      5f49b4e7f7eb260f41776f02600f71acd1283659f3974c62af92ecdba8289d1d

    • Size

      134KB

    • MD5

      29465a900924318d4707117e41287ff0

    • SHA1

      9a577e5e5380b40f7d9b4a6fe5a0d8c9e400659e

    • SHA256

      5f49b4e7f7eb260f41776f02600f71acd1283659f3974c62af92ecdba8289d1d

    • SHA512

      19cef069614a1271b6ceebbbb435d6c746c2da32bd8caf014dcd8b3bab4af207640bac5ab2440f8dada28de45cd643e7c84b1e0c4e37df9ae407c3443e733426

    Score
    10/10
    persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Sets service image path in registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks