General

  • Target

    1b5d18dff46d896d2d7e4733a4918918315c9a4649e346586020a2b3fb32fc18

  • Size

    188KB

  • Sample

    221029-2y484sbddp

  • MD5

    56693b81af86ff753b8979d2f9c498c0

  • SHA1

    bb3bb97c7c48195cb271da582ee5741cd9e24e9b

  • SHA256

    1b5d18dff46d896d2d7e4733a4918918315c9a4649e346586020a2b3fb32fc18

  • SHA512

    838838d3c7d6b4616b5cd2a7791fcb4f3a085c19ca4b3bacd1e74d9ef77d526837b8a253b982adb040a098262c413985ea7c828f185aa39f36bbf1df4f0bca19

  • SSDEEP

    3072:DUNvcxpDAJ0oTdHhOxJCC4ymMQ67B1KehwLyZtRjAJJm4H:QdcxpDAJ0oTZ87B1Kei8CJm

Score
8/10

Malware Config

Targets

    Score
    8/10
    • Executes dropped EXE

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was sent to servers other than the DNS resolvers configured for the analysis VM.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext
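The signature names above say what fired but not how. As an added example (written for this page, not Triage's own signature engine), the block below re-implements four of them, the DNS, SetThreadContext, COM-registration and desktop.ini checks, over a constructed event log in a hypothetical schema. The resolver address, PIDs, CLSID and file paths are made up for the demo and say nothing about what this sample actually did. The SetThreadContext rule requires the full hollowing chain (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread on the same child) so a lone SetThreadContext does not fire; the COM rule treats an InprocServer32/LocalServer32 path outside the Windows and Program Files directories as "points at a dropped file", which is my approximation of the signature's intent.

```python
import re
from collections import defaultdict

# Hypothetical sandbox resolver; a real engine takes this from the VM's network config.
CONFIGURED_DNS = {"10.0.2.3"}

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit (documented Win32 constant)

CLSID_SERVER_RE = re.compile(
    r"\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\(InprocServer32|LocalServer32)$", re.IGNORECASE)
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files")

# Constructed event log (hypothetical schema); not taken from the sample's report.
EVENTS = [
    {"type": "net", "proto": "udp", "dst": "10.0.2.3", "dport": 53},        # lookup via configured resolver
    {"type": "net", "proto": "udp", "dst": "8.8.8.8", "dport": 53},         # port 53 to an unconfigured server
    {"type": "net", "proto": "tcp", "dst": "203.0.113.10", "dport": 443},   # unrelated traffic
    {"type": "api", "pid": 1000, "api": "CreateProcessW",
     "args": {"flags": CREATE_SUSPENDED, "child_pid": 1200}},
    {"type": "api", "pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 1200}},
    {"type": "api", "pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 1200}},
    {"type": "api", "pid": 1000, "api": "ResumeThread", "args": {"target_pid": 1200}},
    {"type": "api", "pid": 1000, "api": "CreateProcessW",
     "args": {"flags": 0, "child_pid": 1300}},                              # ordinary child
    {"type": "api", "pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 1300}},  # no chain
    {"type": "reg", "pid": 1000, "op": "set",
     "key": r"HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32",
     "value": r"C:\Users\Public\Libraries\update.dll"},                    # user-writable path
    {"type": "reg", "pid": 1000, "op": "set",
     "key": r"HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32",
     "value": r"C:\Windows\System32\shell32.dll"},                         # OS path, not flagged
    {"type": "file", "pid": 1000, "op": "write", "path": r"C:\Users\Public\Libraries\desktop.ini"},
    {"type": "file", "pid": 1000, "op": "write", "path": r"C:\Users\Public\Libraries\update.dll"},
]


def unexpected_dns(events, configured=CONFIGURED_DNS):
    """Destinations contacted on port 53 that are not a configured resolver."""
    return sorted({e["dst"] for e in events
                   if e["type"] == "net" and e["dport"] == 53 and e["dst"] not in configured})


def suspicious_set_thread_context(events):
    """(parent_pid, child_pid) pairs that complete the hollowing chain
    CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread."""
    chain = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")
    suspended = {}               # child_pid -> parent pid, while the chain is still open
    progress = defaultdict(int)  # child_pid -> number of chain steps seen so far
    hits = []
    for e in events:
        if e["type"] != "api":
            continue
        a = e["args"]
        if e["api"].startswith("CreateProcess") and a["flags"] & CREATE_SUSPENDED:
            suspended[a["child_pid"]] = e["pid"]
            continue
        target = a.get("target_pid")
        if target in suspended and e["api"] == chain[progress[target]]:
            progress[target] += 1
            if progress[target] == len(chain):
                hits.append((suspended.pop(target), target))
    return hits


def com_autorun_registrations(events):
    """CLSID server registrations whose server path lies outside OS/program directories."""
    return [(e["key"], e["value"]) for e in events
            if e["type"] == "reg" and e["op"] == "set"
            and CLSID_SERVER_RE.search(e["key"])
            and not e["value"].lower().startswith(SYSTEM_DIRS)]


def dropped_desktop_ini(events):
    """Paths of desktop.ini files written by the sample."""
    return [e["path"] for e in events
            if e["type"] == "file" and e["op"] == "write"
            and e["path"].lower().endswith("\\desktop.ini")]


def run_signatures(events):
    """Evaluate the four re-implemented signatures, keyed by the report's own names."""
    return {
        "Unexpected DNS network traffic destination": unexpected_dns(events),
        "Suspicious use of SetThreadContext": suspicious_set_thread_context(events),
        "Registers COM server for autorun": com_autorun_registrations(events),
        "Drops desktop.ini file(s)": dropped_desktop_ini(events),
    }


if __name__ == "__main__":
    for name, hits in run_signatures(EVENTS).items():
        print(f"{name}: {hits}")
```

On the constructed log, the DNS check reports only 8.8.8.8, the SetThreadContext check reports the one (1000, 1200) chain and ignores the lone call against PID 1300, the COM check flags only the HKCU registration pointing into a user-writable directory, and the desktop.ini check returns the single dropped file. A real engine would also correlate the COM server path with the sandbox's list of dropped files rather than relying on directory heuristics.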

MITRE ATT&CK Enterprise v6

Tasks