General

  • Target

    6418ce954dd085d143cd90013083096a7bdf2dbc4819796d738bde337d711340

  • Size

    196KB

  • Sample

    221107-syqlaaeaa6

  • MD5

    0fa3ea78b0896ff038564ee8afea0f40

  • SHA1

    f39a91dd6a9a3141d0d8134cd5592f38aad86df4

  • SHA256

    6418ce954dd085d143cd90013083096a7bdf2dbc4819796d738bde337d711340

  • SHA512

    7ae216579088549a75da27128ab826030baae79c654086f8c141b1f6428fedeb48aa9c2007c69255c6771b2e2185a67330b3cd33ef0d9e61f2f976041532be74

  • SSDEEP

    6144:n2BOmnjzGEz/2r0cSYG9JR2jzpwDGB+xPT3F+:2UmmfAcSdh2HpUrV+

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6