fdd9e70a32dc1b579403e28eeba1f69f2892f6c428dcd2e76225c5ba1d72bc28 | Triage

Sharing

General

Target

fdd9e70a32dc1b579403e28eeba1f69f2892f6c428dcd2e76225c5ba1d72bc28
Size

90KB
Sample

221030-kkpstsbeh4
MD5

a2c80c59b69b9aa7bc43176a4f35388b
SHA1

69aba189eb9a98874d9c98161be08a6278a03690
SHA256

fdd9e70a32dc1b579403e28eeba1f69f2892f6c428dcd2e76225c5ba1d72bc28
SHA512

e12586d9a0898dbc7ae840ad0207834fe538220f16aa52da065abceeedd58512a586dfb96b8243bb940fc62f3f7843c7e650144d60b0ca127ac21f792aad52bb
SSDEEP

1536:Y5rY4s5J1/9qjlrXPTimwCUBtS5Q5grdU3+kNS9Y/bmF6uIo6nX7mNeomBZzJ1J4:KYpJ7qjJ/HeaQ5g2Ow2Y/bmF65NCNeol

Score

8^/10

Malware Config

Targets

- Target
  
  fdd9e70a32dc1b579403e28eeba1f69f2892f6c428dcd2e76225c5ba1d72bc28
- Size
  
  90KB
- MD5
  
  a2c80c59b69b9aa7bc43176a4f35388b
- SHA1
  
  69aba189eb9a98874d9c98161be08a6278a03690
- SHA256
  
  fdd9e70a32dc1b579403e28eeba1f69f2892f6c428dcd2e76225c5ba1d72bc28
- SHA512
  
  e12586d9a0898dbc7ae840ad0207834fe538220f16aa52da065abceeedd58512a586dfb96b8243bb940fc62f3f7843c7e650144d60b0ca127ac21f792aad52bb
- SSDEEP
  
  1536:Y5rY4s5J1/9qjlrXPTimwCUBtS5Q5grdU3+kNS9Y/bmF6uIo6nX7mNeomBZzJ1J4:KYpJ7qjJ/HeaQ5g2Ow2Y/bmF65NCNeol
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2