Overview

overview

10

Static

static

acd1d5e649...cf.exe

windows7-x64

10

acd1d5e649...cf.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    acd1d5e6495240532917fb0a38650fa89dc6ed3d35816b7409817b43f5b9f7cf

  • Size

    134KB

  • Sample

    221123-qnm2ashd6v

  • MD5

    d0202f4ac2fd583d9eb32fd4ff1aff5c

  • SHA1

    951b731626b6d266cd4e5ebf6fecfa0e356ea805

  • SHA256

    acd1d5e6495240532917fb0a38650fa89dc6ed3d35816b7409817b43f5b9f7cf

  • SHA512

    fe31989e2cbeffb2d74f79e3f940db838fc28d9d93858e64eadf2ba08cf5d358d39166226fbf4b4fa267d573351feeb92fd6895594c1b4b3535315053ae50d4e

  • SSDEEP

    3072:qsRG0fFgblljWFQ8ZrYPVfPLWkTKirRhCRgkHvHTO:lRGC6uNoVfPUirYdHa

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      acd1d5e6495240532917fb0a38650fa89dc6ed3d35816b7409817b43f5b9f7cf

    • Size

      134KB

    • MD5

      d0202f4ac2fd583d9eb32fd4ff1aff5c

    • SHA1

      951b731626b6d266cd4e5ebf6fecfa0e356ea805

    • SHA256

      acd1d5e6495240532917fb0a38650fa89dc6ed3d35816b7409817b43f5b9f7cf

    • SHA512

      fe31989e2cbeffb2d74f79e3f940db838fc28d9d93858e64eadf2ba08cf5d358d39166226fbf4b4fa267d573351feeb92fd6895594c1b4b3535315053ae50d4e

    • SSDEEP

      3072:qsRG0fFgblljWFQ8ZrYPVfPLWkTKirRhCRgkHvHTO:lRGC6uNoVfPUirYdHa

    Score
    10/10
    evasionpersistence

    • Modifies security service

      evasion

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks