General

  • Target

    7cfab5299b7f6362151a7eab77102d7abc2f6c9d85773004103f546b93af9a78

  • Size

    181KB

  • Sample

    221002-qbakfagae7

  • MD5

    635225e40d1ab681b657b5e21dd23f32

  • SHA1

    6c2ea698bdfb75d8c976a204d9dbafd7487eee93

  • SHA256

    7cfab5299b7f6362151a7eab77102d7abc2f6c9d85773004103f546b93af9a78

  • SHA512

    fc77ed1546df1ddf4e13d892f54d7f0acf7dca15ee62a9e25ab1694f53eaaab3e954780b060c61c960b066db0a46f5ba77c83f941ff2b9ccf929258a162d1dd8

  • SSDEEP

    3072:Q9lHbd/xC9lcdk7VrveYRsYNqDrZCG5GUrKBq4YsPmSq5sCsP6kEt9ofCESsRRcE:Qfbd/xC9r73WogrZ95GUrAq4LatYVBSY

Score
8/10

Malware Config

Targets

    • Target

      7cfab5299b7f6362151a7eab77102d7abc2f6c9d85773004103f546b93af9a78

    • Size

      181KB

    • MD5

      635225e40d1ab681b657b5e21dd23f32

    • SHA1

      6c2ea698bdfb75d8c976a204d9dbafd7487eee93

    • SHA256

      7cfab5299b7f6362151a7eab77102d7abc2f6c9d85773004103f546b93af9a78

    • SHA512

      fc77ed1546df1ddf4e13d892f54d7f0acf7dca15ee62a9e25ab1694f53eaaab3e954780b060c61c960b066db0a46f5ba77c83f941ff2b9ccf929258a162d1dd8

    • SSDEEP

      3072:Q9lHbd/xC9lcdk7VrveYRsYNqDrZCG5GUrKBq4YsPmSq5sCsP6kEt9ofCESsRRcE:Qfbd/xC9r73WogrZ95GUrAq4LatYVBSY

    Score
    8/10
    • Executes dropped EXE

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the sandbox's configured DNS servers was detected.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext
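The "Unexpected DNS network traffic destination" signature above is a simple network rule: any connection to port 53 whose destination is not one of the resolvers handed to the analysis VM. A sample that talks to its own hard-coded resolver this way bypasses the analysis network's DNS sinkhole or logging and may be tunnelling data. The following is an added example of that check, not part of the sandbox report or its tooling; the resolver addresses, the Zeek-style conn.log column layout and the log lines are all constructed for illustration.

```python
"""Flag DNS-port traffic to resolvers other than the configured ones.

Added example for the "Unexpected DNS network traffic destination"
signature; not code from the sandbox report. Resolver addresses, the
conn.log-like column order and the sample lines are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address

DNS_PORT = 53

# Assumed (hypothetical): resolvers the analysis VM was given by DHCP.
CONFIGURED_RESOLVERS = {"10.0.0.2", "10.0.0.3"}

# Constructed sample records, tab separated:
# ts, uid, src, sport, dst, dport, proto
SAMPLE_CONN_LOG = """\
1664713201.120000\tC1\t10.0.0.15\t52311\t10.0.0.2\t53\tudp
1664713201.450000\tC2\t10.0.0.15\t52312\t8.8.8.8\t53\tudp
1664713202.010000\tC3\t10.0.0.15\t52313\t10.0.0.3\t53\ttcp
1664713202.330000\tC4\t10.0.0.15\t49152\t185.199.108.1\t443\ttcp
1664713203.900000\tC5\t10.0.0.15\t52314\t1.1.1.1\t53\ttcp
1664713204.100000\tC6\t10.0.0.15\t52315\t10.0.0.2\t5353\tudp
"""


@dataclass(frozen=True)
class Conn:
    ts: float
    uid: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


def parse_conn_log(text):
    """Parse the constructed TSV format into Conn records, skipping comments."""
    conns = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, uid, src, sport, dst, dport, proto = line.split("\t")
        conns.append(Conn(float(ts), uid, src, int(sport), dst, int(dport), proto.lower()))
    return conns


def unexpected_dns_destinations(conns, resolvers):
    """Return connections to port 53 (UDP or TCP) whose destination is not a configured resolver.

    Port 5353 (mDNS) and non-53 traffic are deliberately ignored so the rule
    does not fire on ordinary local name resolution or on unrelated flows.
    """
    allowed = {ip_address(r) for r in resolvers}
    hits = []
    for c in conns:
        if c.dport != DNS_PORT or c.proto not in ("udp", "tcp"):
            continue
        if ip_address(c.dst) in allowed:
            continue
        hits.append(c)
    return hits


def main():
    hits = unexpected_dns_destinations(parse_conn_log(SAMPLE_CONN_LOG), CONFIGURED_RESOLVERS)
    for h in hits:
        print(f"{h.uid}: {h.src}:{h.sport} -> {h.dst}:{h.dport}/{h.proto}")


if __name__ == "__main__":
    main()
```

On the constructed log this flags C2 (8.8.8.8) and C5 (1.1.1.1) and leaves the connections to the configured resolvers, the HTTPS flow and the mDNS flow alone. TCP/53 is included on purpose: a sample that switches to TCP for large responses or for tunnelling still reaches a resolver it was not given.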

MITRE ATT&CK Enterprise v6

Tasks