6c6528eeb384187114d04f393d9756a357070b5974de42ab46a60c30b3bfb65b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6c6528eeb384187114d04f393d9756a357070b5974de42ab46a60c30b3bfb65b
Size

308KB
Sample

221029-awszhsdfh4
MD5

0c2a1766abf78ca0185ccdf3c95fd762
SHA1

5d5a058df1a326dabfd15b6d6966a607c840aa2d
SHA256

6c6528eeb384187114d04f393d9756a357070b5974de42ab46a60c30b3bfb65b
SHA512

e303a74b0f68a2740b8e861990e8157f35af20bf2000e1085716704ab4b3e855ace0bb339838a06bd82b7897c7f74fd555df2260854bdefaf43ea5241fc9c0b4
SSDEEP

6144:fWs8Q7HJkxrWTS9SgRxkWiZHqB46OuGnyEf:18QzJlSI0xdiFqBNGf

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6c6528eeb384187114d04f393d9756a357070b5974de42ab46a60c30b3bfb65b
- Size
  
  308KB
- MD5
  
  0c2a1766abf78ca0185ccdf3c95fd762
- SHA1
  
  5d5a058df1a326dabfd15b6d6966a607c840aa2d
- SHA256
  
  6c6528eeb384187114d04f393d9756a357070b5974de42ab46a60c30b3bfb65b
- SHA512
  
  e303a74b0f68a2740b8e861990e8157f35af20bf2000e1085716704ab4b3e855ace0bb339838a06bd82b7897c7f74fd555df2260854bdefaf43ea5241fc9c0b4
- SSDEEP
  
  6144:fWs8Q7HJkxrWTS9SgRxkWiZHqB46OuGnyEf:18QzJlSI0xdiFqBNGf
Score

10^/10

evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2