Overview

overview

10

Static

static

577c6c2c6f...46.exe

windows7-x64

10

577c6c2c6f...46.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    577c6c2c6fdf17a6ed04dff2e8da4c982332c955cda48bdae87c340e46626446

  • Size

    1.0MB

  • Sample

    220724-12qz8aadap

  • MD5

    203bd1419cb3a6f70d6606a7e7a7a4a2

  • SHA1

    46faa2aade421560da587f6e7ce91be481470c89

  • SHA256

    577c6c2c6fdf17a6ed04dff2e8da4c982332c955cda48bdae87c340e46626446

  • SHA512

    0af366b975037ae85d7472094158979f2d5268bc09da9c0f0de46c9ef3a1b87a3839d4b16fb38a099044e1d5a15fd3fe2efb449caeedc4ebaf23194a5a089101

Score
10/10
evasionpersistencesuricata

Malware Config

Targets

    • Target

      577c6c2c6fdf17a6ed04dff2e8da4c982332c955cda48bdae87c340e46626446

    • Size

      1.0MB

    • MD5

      203bd1419cb3a6f70d6606a7e7a7a4a2

    • SHA1

      46faa2aade421560da587f6e7ce91be481470c89

    • SHA256

      577c6c2c6fdf17a6ed04dff2e8da4c982332c955cda48bdae87c340e46626446

    • SHA512

      0af366b975037ae85d7472094158979f2d5268bc09da9c0f0de46c9ef3a1b87a3839d4b16fb38a099044e1d5a15fd3fe2efb449caeedc4ebaf23194a5a089101

    Score
    10/10
    evasionpersistencesuricata

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • suricata: ET MALWARE ZeroAccess Outbound udp traffic detected

      suricata: ET MALWARE ZeroAccess Outbound udp traffic detected

      suricata

    • suricata: ET MALWARE ZeroAccess udp traffic detected

      suricata: ET MALWARE ZeroAccess udp traffic detected

      suricata

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks