General
-
Target
6c3a03d3e790f2dfc6f3db623ba3b99fbc5bb153a9f9914f9ac64085bc5963ee
-
Size
151KB
-
Sample
221004-cbrl3agcdk
-
MD5
03aa2304ddd55f0bd0897d8d459fd9e6
-
SHA1
3b9cb3c7e34cc3b3b794a409634b76b55a604606
-
SHA256
6c3a03d3e790f2dfc6f3db623ba3b99fbc5bb153a9f9914f9ac64085bc5963ee
-
SHA512
d0156e6598de154546bf2bc8a5d934fa700f85149e6276234f31a3f4831e6682725a9295fc62531b57b8d66699922a9757d5abbd126408b902e52cf88f3b7fdb
-
SSDEEP
3072:EwNA54xReV0r5LLv3NDZgPfnJMyqjSnImfBVGnw5vltSlOtzC:AmGY5LL/NDGCjStfrpvt3
Static task
static1
Behavioral task
behavioral1
Sample
6c3a03d3e790f2dfc6f3db623ba3b99fbc5bb153a9f9914f9ac64085bc5963ee.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6c3a03d3e790f2dfc6f3db623ba3b99fbc5bb153a9f9914f9ac64085bc5963ee.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
6c3a03d3e790f2dfc6f3db623ba3b99fbc5bb153a9f9914f9ac64085bc5963ee
-
Score
10/10
-
Modifies firewall policy service
-
Modifies security service
-
Executes dropped EXE
-
Registers COM server for autorun
-
Deletes itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-