General

  • Target: 121856a4f4dc8c4dc401d2521f1033dfe912b5070e12a5b8c0a9282df27931d5
  • Size: 231KB
  • Sample: 221029-21re2abecl
  • MD5: 5d8dff10e4306104aa601a0a9854ed79
  • SHA1: fe56b3005f8b7a2fd747bcb6ec7c05ba4e90d598
  • SHA256: 121856a4f4dc8c4dc401d2521f1033dfe912b5070e12a5b8c0a9282df27931d5
  • SHA512: 01146a64ed62a02704796e889f87b77347f1081be7aeb94f87ad4b093348bb38c2c0aa51684666c1461e37a67452db9b30ebbe0369dabcbdb851b0b59dddb54e
  • SSDEEP: 6144:tC4HcrEVi0HP5IAyx6knu81TOMoU05D9VUA+F2:NHeEVi0Hh1yx6Wu8FOMoU0p

Score
8/10

Malware Config

Targets

    • Executes dropped EXE
    • Registers COM server for autorun
    • Deletes itself
    • Unexpected DNS network traffic destination
      Network traffic to other servers than the configured DNS servers was detected on the DNS port.
    • Drops desktop.ini file(s)
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks