8756c87e295b557bd618fce59c40bf415537ee84b6405256998afd11295b889d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8756c87e295b557bd618fce59c40bf415537ee84b6405256998afd11295b889d
Size

194KB
Sample

220919-rgft3sccb2
MD5

012cb5824827634f1dcf720f61085c92
SHA1

3fd56f7eb7c3b53e3ee74b2cd9846e247dfb54cc
SHA256

8756c87e295b557bd618fce59c40bf415537ee84b6405256998afd11295b889d
SHA512

38ea30972f35bbe0d62f9d8651aa53542ed8786f4701450bc4c83583af6734deaad71b4ef92bee5c6ae56dbda7d641855debb9379853f77ab4f3b5836de12f7c
SSDEEP

6144:Sny9jYByeN8EmnqcDkeQMAtwMoEHAkOrhcS:jeBy28EmnroeQMAtv6hb

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8756c87e295b557bd618fce59c40bf415537ee84b6405256998afd11295b889d
- Size
  
  194KB
- MD5
  
  012cb5824827634f1dcf720f61085c92
- SHA1
  
  3fd56f7eb7c3b53e3ee74b2cd9846e247dfb54cc
- SHA256
  
  8756c87e295b557bd618fce59c40bf415537ee84b6405256998afd11295b889d
- SHA512
  
  38ea30972f35bbe0d62f9d8651aa53542ed8786f4701450bc4c83583af6734deaad71b4ef92bee5c6ae56dbda7d641855debb9379853f77ab4f3b5836de12f7c
- SSDEEP
  
  6144:Sny9jYByeN8EmnqcDkeQMAtwMoEHAkOrhcS:jeBy28EmnroeQMAtv6hb
Score

8^/10

persistence
- Modifies AppInit DLL entries
  persistence
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2