Overview

overview

8

Static

static

b6d195eb36...18.exe

windows7-x64

8

b6d195eb36...18.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    b6d195eb3630be9704573b52c6601ec5e713f4ee0c11d2c9bb84d96ea420c118

  • Size

    136KB

  • Sample

    221002-pn5exagdgm

  • MD5

    7b01dfd195614b2fc8b373cb88b97f5a

  • SHA1

    bf46498bf30d09f3f3d1f7762bf870aa262ebbce

  • SHA256

    b6d195eb3630be9704573b52c6601ec5e713f4ee0c11d2c9bb84d96ea420c118

  • SHA512

    869fee05c685e923f54d0857c8ff85e3677fc9e1f2b6faaf3d8801ce149ff2b96f98b2512f770640298a546bd7675ed2f9c363ee7a19f203840c262087714598

  • SSDEEP

    3072:MrmsNiEPqweu9WFMgc6OsoTY2RyWOMujX3CjzZFmBzsg0Yc6:M64eu9SMuoTYoyWOMujX01FmFfbc6

Score
8/10
persistence

Malware Config

Targets

    • Target

      b6d195eb3630be9704573b52c6601ec5e713f4ee0c11d2c9bb84d96ea420c118

    • Size

      136KB

    • MD5

      7b01dfd195614b2fc8b373cb88b97f5a

    • SHA1

      bf46498bf30d09f3f3d1f7762bf870aa262ebbce

    • SHA256

      b6d195eb3630be9704573b52c6601ec5e713f4ee0c11d2c9bb84d96ea420c118

    • SHA512

      869fee05c685e923f54d0857c8ff85e3677fc9e1f2b6faaf3d8801ce149ff2b96f98b2512f770640298a546bd7675ed2f9c363ee7a19f203840c262087714598

    • SSDEEP

      3072:MrmsNiEPqweu9WFMgc6OsoTY2RyWOMujX3CjzZFmBzsg0Yc6:M64eu9SMuoTYoyWOMujX01FmFfbc6

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks