aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835 | Triage

Sharing

General

Target

aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835
Size

90KB
Sample

221012-wtcemsehb7
MD5

76c33b2cb508f2cc32a9d26781449890
SHA1

f917eefd3074e6527938e5d2d6ddd20f86e3fa4e
SHA256

aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835
SHA512

2914b46ef3fcb0b0bd78f0bb7e41fbcefc3c4d6768b8c1ddda0627b14e1725758a5251515bcc4e9470e9d6a3c21e30786acd06cd94dc98ce8c205d261e755622
SSDEEP

1536:Y5rY4s5J1/9qjlrXPTimwCUBtS5Q5grdU3+kNS9Y/bmF6uIo6nX7mNeomBZzJ1JF:KYpJ7qjJ/HeaQ5g2Ow2Y/bmF65NCNeoU

Score

8^/10

Malware Config

Targets

- Target
  
  aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835
- Size
  
  90KB
- MD5
  
  76c33b2cb508f2cc32a9d26781449890
- SHA1
  
  f917eefd3074e6527938e5d2d6ddd20f86e3fa4e
- SHA256
  
  aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835
- SHA512
  
  2914b46ef3fcb0b0bd78f0bb7e41fbcefc3c4d6768b8c1ddda0627b14e1725758a5251515bcc4e9470e9d6a3c21e30786acd06cd94dc98ce8c205d261e755622
- SSDEEP
  
  1536:Y5rY4s5J1/9qjlrXPTimwCUBtS5Q5grdU3+kNS9Y/bmF6uIo6nX7mNeomBZzJ1JF:KYpJ7qjJ/HeaQ5g2Ow2Y/bmF65NCNeoU
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2