golddragon | 386e23ec5e38c484f0b546b78e2480fc589f74f2233f3bcee060796f87f492d8 | Triage

Submit
Reports

Overview

overview

Static

static

8

386e23ec5e...d8.dll

windows7_x64

386e23ec5e...d8.dll

windows10-2004_x64

Sharing

General

Target

386e23ec5e38c484f0b546b78e2480fc589f74f2233f3bcee060796f87f492d8
Size

271KB
Sample

220319-m3j2eagdaq
MD5

a49c43b4d6b5610e0719a3947b9ecf8f
SHA1

392883730fb2e9146a565a298d980632bde30650
SHA256

386e23ec5e38c484f0b546b78e2480fc589f74f2233f3bcee060796f87f492d8
SHA512

3d9680fa03a1fee9e64904f4108517a8de3e37976490b04bc717ea1e5b23cfec89ab3fe295e61e24b6617a5a5b15564ffb598785b32828c89f1b3e92e5f525f0

Score

10^/10

golddragon backdoor suricata vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

386e23ec5e38c484f0b546b78e2480fc589f74f2233f3bcee060796f87f492d8.dll

Resource

win7-20220311-en

golddragon backdoor suricata vmprotect

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

386e23ec5e38c484f0b546b78e2480fc589f74f2233f3bcee060796f87f492d8.dll

Resource

win10v2004-en-20220113

golddragon backdoor suricata vmprotect

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  386e23ec5e38c484f0b546b78e2480fc589f74f2233f3bcee060796f87f492d8
- Size
  
  271KB
- MD5
  
  a49c43b4d6b5610e0719a3947b9ecf8f
- SHA1
  
  392883730fb2e9146a565a298d980632bde30650
- SHA256
  
  386e23ec5e38c484f0b546b78e2480fc589f74f2233f3bcee060796f87f492d8
- SHA512
  
  3d9680fa03a1fee9e64904f4108517a8de3e37976490b04bc717ea1e5b23cfec89ab3fe295e61e24b6617a5a5b15564ffb598785b32828c89f1b3e92e5f525f0
Score

10^/10

golddragon backdoor suricata vmprotect
- GoldDragon
  GoldDragon is a second-stage backdoor attributed to Kimsuky.
  backdoor golddragon
- suricata: ET MALWARE Windows TaskList Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows TaskList Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- Blocklisted process makes network request
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

golddragonbackdoorsuricatavmprotect

behavioral2

golddragonbackdoorsuricatavmprotect

© 2018-2024

Terms | Privacy