bdf1c0322240502a828bb54531372ddd872961b23d3a88b43f7332a47b643360 | Triage

Sharing

General

Target

bdf1c0322240502a828bb54531372ddd872961b23d3a88b43f7332a47b643360
Size

84KB
Sample

221123-qgqtlsha4t
MD5

f8f51015c2021d281de4727c5224ea67
SHA1

63f427ced474d165eb55bcd9bbc54fd45bb79f0f
SHA256

bdf1c0322240502a828bb54531372ddd872961b23d3a88b43f7332a47b643360
SHA512

c7e456729f0d99542c9c08fb44d66b5024576af8c628690cf2ec1f5634ebae18da32c35552f1276af4d6f5ea9181b097cc7b500aeab866f0e5fb07700c769248
SSDEEP

1536:yZRhvqPRS9t8g0T/hitN/u/EFqm2pr0jeddFQcNZBT9HjRrbiVRl:4RhSP4l0FitN/OEPve7jRrbml

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  bdf1c0322240502a828bb54531372ddd872961b23d3a88b43f7332a47b643360
- Size
  
  84KB
- MD5
  
  f8f51015c2021d281de4727c5224ea67
- SHA1
  
  63f427ced474d165eb55bcd9bbc54fd45bb79f0f
- SHA256
  
  bdf1c0322240502a828bb54531372ddd872961b23d3a88b43f7332a47b643360
- SHA512
  
  c7e456729f0d99542c9c08fb44d66b5024576af8c628690cf2ec1f5634ebae18da32c35552f1276af4d6f5ea9181b097cc7b500aeab866f0e5fb07700c769248
- SSDEEP
  
  1536:yZRhvqPRS9t8g0T/hitN/u/EFqm2pr0jeddFQcNZBT9HjRrbiVRl:4RhSP4l0FitN/OEPve7jRrbml
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence