be624751d55c1cf5d7ebdd98ef22eb4df306c5d00e162ce5f8540244639eb774 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be624751d55c1cf5d7ebdd98ef22eb4df306c5d00e162ce5f8540244639eb774
Size

140KB
Sample

221020-yb1qmabgf7
MD5

a07d6b4136ec2799d939fa044ba36800
SHA1

8338d87bbc8cc4efa42f52c4488cac2eeb3b77e1
SHA256

be624751d55c1cf5d7ebdd98ef22eb4df306c5d00e162ce5f8540244639eb774
SHA512

133797619a4a4d4fa1729c1010e9becd31283014274c8f1e3b98fd7828663083a1c1b6a599b51d996bc276b51fa949e98f3a8f7b9ce4013c57810aae72483b97
SSDEEP

3072:FuSfiIHIQa7+/NHRiaL9qJdVEk03aDKjYbNC87tjgQrMT4Bmz:7KylqJEkca+UbZtjnECm

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  be624751d55c1cf5d7ebdd98ef22eb4df306c5d00e162ce5f8540244639eb774
- Size
  
  140KB
- MD5
  
  a07d6b4136ec2799d939fa044ba36800
- SHA1
  
  8338d87bbc8cc4efa42f52c4488cac2eeb3b77e1
- SHA256
  
  be624751d55c1cf5d7ebdd98ef22eb4df306c5d00e162ce5f8540244639eb774
- SHA512
  
  133797619a4a4d4fa1729c1010e9becd31283014274c8f1e3b98fd7828663083a1c1b6a599b51d996bc276b51fa949e98f3a8f7b9ce4013c57810aae72483b97
- SSDEEP
  
  3072:FuSfiIHIQa7+/NHRiaL9qJdVEk03aDKjYbNC87tjgQrMT4Bmz:7KylqJEkca+UbZtjnECm
Score

10^/10

evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2