General

  • Target

    8db3a46d3391127573c82196fa8f5ef0666df7cd53a7d583ff55015e206f8869

  • Size

    152KB

  • Sample

    221002-p4zvcshbhl

  • MD5

    71301b15b37650260b1ea5c37f8b9e66

  • SHA1

    4b15e198d72029ecb1067dfbb99bc0ebda1ac64f

  • SHA256

    8db3a46d3391127573c82196fa8f5ef0666df7cd53a7d583ff55015e206f8869

  • SHA512

    e318ac7850878f1c31bc771ad4c8e9eea4ed260005578620dc7cce192d1569d67dbfd7cbab7c694ad9f12cd13c380bd155fbb8fcc7ad6d82231ececf80dc8b70

  • SSDEEP

    3072:W0A4qSU78MyGf7FMznNTOYIw2Zq+mkikSx/sGk7pwsFwDtY:NAxSUMy4nVkq+mZpUGGjFw+

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Registers COM server for autorun

    • Deletes itself

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks