Overview

overview

10

Static

static

10

fa4f6b5212...6c.dll

windows7_x64

1

fa4f6b5212...6c.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa4f6b5212168af58a40adbb2bd8df08f55bfb2f76d8f7858105457e7384276c

  • Size

    136KB

  • Sample

    220201-lzsnpscecp

  • MD5

    0079a697b8acbb0aa35f9f662f38debe

  • SHA1

    e2b64333e4d4d9bf3eed1a7b5bf701eb6e4ad77e

  • SHA256

    fa4f6b5212168af58a40adbb2bd8df08f55bfb2f76d8f7858105457e7384276c

  • SHA512

    5eb2a2045d0215f0f4c15505638b046e84db1a497e0c77e022938945b5f20ef238a50084b1ebcbe02c2425f7d8983650269f2729c6b5d41de12875539764c4f2

Score
10/10
anchordnsbackdoorpersistence

Malware Config

Targets

    • Target

      fa4f6b5212168af58a40adbb2bd8df08f55bfb2f76d8f7858105457e7384276c

    • Size

      136KB

    • MD5

      0079a697b8acbb0aa35f9f662f38debe

    • SHA1

      e2b64333e4d4d9bf3eed1a7b5bf701eb6e4ad77e

    • SHA256

      fa4f6b5212168af58a40adbb2bd8df08f55bfb2f76d8f7858105457e7384276c

    • SHA512

      5eb2a2045d0215f0f4c15505638b046e84db1a497e0c77e022938945b5f20ef238a50084b1ebcbe02c2425f7d8983650269f2729c6b5d41de12875539764c4f2

    Score
    10/10
    persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Sets service image path in registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks