Overview

overview

10

Static

static

5a2f78d95d...72.exe

windows7-x64

10

5a2f78d95d...72.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5a2f78d95d699e529fa3d12f4823ebb1734cc1c0483de3bb7132a5ffbbf32272

  • Size

    167KB

  • Sample

    221123-rka31agg74

  • MD5

    244341f5f57cb934e0ca2244e2ad4b41

  • SHA1

    178b9c7d37de55eed7fd8953ab8f3db2416a718f

  • SHA256

    5a2f78d95d699e529fa3d12f4823ebb1734cc1c0483de3bb7132a5ffbbf32272

  • SHA512

    43415887f1a2bf91cac2786d55d32bc2c2208422ec2574ccab17b24ba7723a363a019498f19792a33ffc4f693a01212bf2ec2ae6af7dda9139e66e40e25b2a8a

  • SSDEEP

    3072:TYb0jN75f0v3FODIZQi0ke/s5lWwKX/Lcw3ITKgluQopA6ZBQLHX:TYb0jN1f0v3F6IZQi0ke/sbSPLcw3IT7

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      5a2f78d95d699e529fa3d12f4823ebb1734cc1c0483de3bb7132a5ffbbf32272

    • Size

      167KB

    • MD5

      244341f5f57cb934e0ca2244e2ad4b41

    • SHA1

      178b9c7d37de55eed7fd8953ab8f3db2416a718f

    • SHA256

      5a2f78d95d699e529fa3d12f4823ebb1734cc1c0483de3bb7132a5ffbbf32272

    • SHA512

      43415887f1a2bf91cac2786d55d32bc2c2208422ec2574ccab17b24ba7723a363a019498f19792a33ffc4f693a01212bf2ec2ae6af7dda9139e66e40e25b2a8a

    • SSDEEP

      3072:TYb0jN75f0v3FODIZQi0ke/s5lWwKX/Lcw3ITKgluQopA6ZBQLHX:TYb0jN1f0v3F6IZQi0ke/sbSPLcw3IT7

    Score
    10/10
    evasionpersistence

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Registers COM server for autorun

      persistence

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks