Overview

overview

10

Static

static

10

13d4e3de89...d6.dll

windows7_x64

3

13d4e3de89...d6.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13d4e3de896371db26a29b73f7d5e24f4f2a916da8deb0f249b8f604656bedd6

  • Size

    164KB

  • Sample

    220201-l3v81acegl

  • MD5

    db998ff70608040dcd06e0fc3fba1704

  • SHA1

    1bca38d4c1f0a2f00a164687685186e02da61468

  • SHA256

    13d4e3de896371db26a29b73f7d5e24f4f2a916da8deb0f249b8f604656bedd6

  • SHA512

    1d7c0697cc1fd6283a4e554ec4293d34d9b0cfee7946559022b30dd37c5cdd81a02593e6b601513002731b1aed71ee55c74ffa6594833eaf0c8234df8402b5b8

Score
10/10
anchordnsbackdoorpersistence

Malware Config

Targets

    • Target

      13d4e3de896371db26a29b73f7d5e24f4f2a916da8deb0f249b8f604656bedd6

    • Size

      164KB

    • MD5

      db998ff70608040dcd06e0fc3fba1704

    • SHA1

      1bca38d4c1f0a2f00a164687685186e02da61468

    • SHA256

      13d4e3de896371db26a29b73f7d5e24f4f2a916da8deb0f249b8f604656bedd6

    • SHA512

      1d7c0697cc1fd6283a4e554ec4293d34d9b0cfee7946559022b30dd37c5cdd81a02593e6b601513002731b1aed71ee55c74ffa6594833eaf0c8234df8402b5b8

    Score
    10/10
    persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Sets service image path in registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks