Overview

overview

10

Static

static

73.exe

windows7_x64

10

73.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    73.exe

  • Size

    196KB

  • Sample

    220611-tqq3hsffck

  • MD5

    113ac743212e56ac38d22182d7b38385

  • SHA1

    f1098d33d3fe81e370ea1d75096f51d3bebcd855

  • SHA256

    dfde4df8173b90daa38575d60c96bfc157e045a04e16e46bf073a64fdfd1285e

  • SHA512

    ea3f71ea5a135c96a8b768ad4c1f5405892c28ec148981608de2433fdaca3bd80b2c90af5a39c9e67603829fabd1c60b11023511cc56f1d2d0106c747788c320

Score
10/10
persistencesuricataupx

Malware Config

Targets

    • Target

      73.exe

    • Size

      196KB

    • MD5

      113ac743212e56ac38d22182d7b38385

    • SHA1

      f1098d33d3fe81e370ea1d75096f51d3bebcd855

    • SHA256

      dfde4df8173b90daa38575d60c96bfc157e045a04e16e46bf073a64fdfd1285e

    • SHA512

      ea3f71ea5a135c96a8b768ad4c1f5405892c28ec148981608de2433fdaca3bd80b2c90af5a39c9e67603829fabd1c60b11023511cc56f1d2d0106c747788c320

    Score
    10/10
    persistencesuricataupx

    • suricata: ET MALWARE Backdoor.Win32.Pushdo.s Checkin

      suricata: ET MALWARE Backdoor.Win32.Pushdo.s Checkin

      suricata

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks