1ae4185f4788f848d7e715d9c2061a648a8988a5077fff51b0adc44e4f51d152 | Triage

Sharing

General

Target

1ae4185f4788f848d7e715d9c2061a648a8988a5077fff51b0adc44e4f51d152
Size

135KB
Sample

221123-r8g68adf5w
MD5

63b8fdec672bde61a7aba9bc9b36b995
SHA1

aa4b0fc5de03517391d805efbbd1297ed202e79f
SHA256

1ae4185f4788f848d7e715d9c2061a648a8988a5077fff51b0adc44e4f51d152
SHA512

fb5098e2d43df844281a2237abf3cf8cf2b7e4908985829a84c4b6c8cc61e76b44e6b2e67b93be5314cc0470ae6a7656aa189f370d6b87fd76f52e6e797cabc2
SSDEEP

3072:F63myg5oy4PCMdH2AY5EG33ZCjddfE9K02b3:F6WyxPJdHG3pCjHEo02T

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  1ae4185f4788f848d7e715d9c2061a648a8988a5077fff51b0adc44e4f51d152
- Size
  
  135KB
- MD5
  
  63b8fdec672bde61a7aba9bc9b36b995
- SHA1
  
  aa4b0fc5de03517391d805efbbd1297ed202e79f
- SHA256
  
  1ae4185f4788f848d7e715d9c2061a648a8988a5077fff51b0adc44e4f51d152
- SHA512
  
  fb5098e2d43df844281a2237abf3cf8cf2b7e4908985829a84c4b6c8cc61e76b44e6b2e67b93be5314cc0470ae6a7656aa189f370d6b87fd76f52e6e797cabc2
- SSDEEP
  
  3072:F63myg5oy4PCMdH2AY5EG33ZCjddfE9K02b3:F6WyxPJdHG3pCjHEo02T
Score

7^/10

persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2