General

  • Target

    51528af05a27942ce0dccc6b19fa3b0a83c97d68b5335de52106a4acb6a7ec03

  • Size

    169KB

  • Sample

    221002-r967qsbdh3

  • MD5

    67fc5e1b6181932c69afcde68c0c9190

  • SHA1

    67e72e83dd2d49782532800ed82a4d9531d0e013

  • SHA256

    51528af05a27942ce0dccc6b19fa3b0a83c97d68b5335de52106a4acb6a7ec03

  • SHA512

    062456412b8aff4e0b0e1b08fdaab9afb3d02c6904fbf13112c5cbf23cc4465ef25ddb5fb85690902d32d20e9079e2e0d42f81464962140be96ff1a2303de198

  • SSDEEP

    3072:qqwYrSIP7lmQpT8i0gwWsu+Q9bvcDtI7sf2FDbfBX1Li+A+wqK4:DHWm7l/Ga9bB7lpX1aGK4

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Registers COM server for autorun

    • Deletes itself

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks