e3573366c867bf88c2f518ba84dbbe609e32f84e892212ebfb0f4697511e3a06 | Triage

Sharing

General

Target

e3573366c867bf88c2f518ba84dbbe609e32f84e892212ebfb0f4697511e3a06
Size

124KB
Sample

221029-1qgmeagfa6
MD5

849b9bc125594a28a5614162b57909db
SHA1

4c0b59fa4ac96e03342cbdc36f0752b5632b1c52
SHA256

e3573366c867bf88c2f518ba84dbbe609e32f84e892212ebfb0f4697511e3a06
SHA512

86c0b8d84a26b34bcb2e09381fe0adbb8d630850b74c8042bc1e98e8479eac064b5f02bfb1f020477cdccba22e30d24b172b71c902888b6f25485d29eee0d3c6
SSDEEP

1536:/tPr2/kPKMonowh4ooFoNyhUICkT2rLtp4fNGtJ2d9DUMymuGFYp4Py+i6m6jP:/9PPnonoroomISrLtpgNXdyp6m6jP

Score

8^/10

Malware Config

Targets

- Target
  
  e3573366c867bf88c2f518ba84dbbe609e32f84e892212ebfb0f4697511e3a06
- Size
  
  124KB
- MD5
  
  849b9bc125594a28a5614162b57909db
- SHA1
  
  4c0b59fa4ac96e03342cbdc36f0752b5632b1c52
- SHA256
  
  e3573366c867bf88c2f518ba84dbbe609e32f84e892212ebfb0f4697511e3a06
- SHA512
  
  86c0b8d84a26b34bcb2e09381fe0adbb8d630850b74c8042bc1e98e8479eac064b5f02bfb1f020477cdccba22e30d24b172b71c902888b6f25485d29eee0d3c6
- SSDEEP
  
  1536:/tPr2/kPKMonowh4ooFoNyhUICkT2rLtp4fNGtJ2d9DUMymuGFYp4Py+i6m6jP:/9PPnonoroomISrLtpgNXdyp6m6jP
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2