General

  • Target

    tmp

  • Size

    196KB

  • Sample

    220611-erjmhaagdn

  • MD5

    113ac743212e56ac38d22182d7b38385

  • SHA1

    f1098d33d3fe81e370ea1d75096f51d3bebcd855

  • SHA256

    dfde4df8173b90daa38575d60c96bfc157e045a04e16e46bf073a64fdfd1285e

  • SHA512

    ea3f71ea5a135c96a8b768ad4c1f5405892c28ec148981608de2433fdaca3bd80b2c90af5a39c9e67603829fabd1c60b11023511cc56f1d2d0106c747788c320

Malware Config

Targets

    • Target

      tmp

    • Size

      196KB

    • MD5

      113ac743212e56ac38d22182d7b38385

    • SHA1

      f1098d33d3fe81e370ea1d75096f51d3bebcd855

    • SHA256

      dfde4df8173b90daa38575d60c96bfc157e045a04e16e46bf073a64fdfd1285e

    • SHA512

      ea3f71ea5a135c96a8b768ad4c1f5405892c28ec148981608de2433fdaca3bd80b2c90af5a39c9e67603829fabd1c60b11023511cc56f1d2d0106c747788c320

    • suricata: ET MALWARE Backdoor.Win32.Pushdo.s Checkin

      suricata: ET MALWARE Backdoor.Win32.Pushdo.s Checkin

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks