5be71d9491e7b7f2397df2b73fa7931396bef1f222fc781196c18ac90ca7a3ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5be71d9491e7b7f2397df2b73fa7931396bef1f222fc781196c18ac90ca7a3ab
Size

223KB
Sample

221106-kqpd9aeghn
MD5

2de155730d09862355b062799986fc8c
SHA1

4d4f2de1f7b05bea4914c4bc966a584021e8adc3
SHA256

5be71d9491e7b7f2397df2b73fa7931396bef1f222fc781196c18ac90ca7a3ab
SHA512

d2bc5a03146a53e978b8967e9e0c4d5a344155e30edcd2e9c198d20525a01210add64405ea84f41fc772e4ffebb2aa8f172526c5e862052f03eff6b928c5542d
SSDEEP

3072:BEHPJBytw176VhQO3c5ZxW5R1cmgwq18KGm0usOLUUG:Byhwq1eHQO3chCcTwSdAeH

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5be71d9491e7b7f2397df2b73fa7931396bef1f222fc781196c18ac90ca7a3ab
- Size
  
  223KB
- MD5
  
  2de155730d09862355b062799986fc8c
- SHA1
  
  4d4f2de1f7b05bea4914c4bc966a584021e8adc3
- SHA256
  
  5be71d9491e7b7f2397df2b73fa7931396bef1f222fc781196c18ac90ca7a3ab
- SHA512
  
  d2bc5a03146a53e978b8967e9e0c4d5a344155e30edcd2e9c198d20525a01210add64405ea84f41fc772e4ffebb2aa8f172526c5e862052f03eff6b928c5542d
- SSDEEP
  
  3072:BEHPJBytw176VhQO3c5ZxW5R1cmgwq18KGm0usOLUUG:Byhwq1eHQO3chCcTwSdAeH
Score

10^/10

evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2