General

  • Target

    aa6aa32480cfc1b8c4e054735320962dd9307e4f268344c929a81b118413f2bd

  • Size

    190KB

  • Sample

    221106-jn3cnadaeq

  • MD5

    214203eff0dc03f98d5568c3fa8a2d90

  • SHA1

    fb54d172d4d7451d9cfbb942bba6c245d82acd1b

  • SHA256

    aa6aa32480cfc1b8c4e054735320962dd9307e4f268344c929a81b118413f2bd

  • SHA512

    1dc5a922f89e5064a6797e30a1f3f45e4a059f5b745f07fb48154983f2d57b6c61df796fed785e1098f7bafc09124b9965cb19b8ff6be3d937ff5bfbe91a72b4

  • SSDEEP

    3072:F8eowfKBkfNe+TcxbxMDGjJk+isC5LOMlAbF6POpxuXKACwE6uAjmpxOtQACSqv/:FywfWpLJk+lNM6bEe7WQACVv328L3

Score
8/10

Malware Config

Targets

    Score
    8/10
    • Executes dropped EXE

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks