a277b651b3bcd2f027c52a90e3c4ff6163cd87dddd767dc2b2549b2df01d03b4 | Triage

Sharing

General

Target

a277b651b3bcd2f027c52a90e3c4ff6163cd87dddd767dc2b2549b2df01d03b4
Size

90KB
Sample

221123-ztkb2adg49
MD5

4563a823f74b728bf5e30ac1250bf650
SHA1

42e2bf6175398a104c649c19cd2a9dbcf1003c36
SHA256

a277b651b3bcd2f027c52a90e3c4ff6163cd87dddd767dc2b2549b2df01d03b4
SHA512

95dcf7081d983b4c4d40a560c3382fa5e371356172d15a996260b8d13e66846955210dbff473b3379084e4e3c993ea6aac75cd637ff4dc4ceeca11b9775294b5
SSDEEP

1536:Y5rY4s5J1/9qjlrXPTimwCUBtS5Q5grdU3+kNS9Y/bmF6uIo6nX7mNeomBZzJ1JF:KYpJ7qjJ/HeaQ5g2Ow2Y/bmF65NCNeok

Score

8^/10

Malware Config

Targets

- Target
  
  a277b651b3bcd2f027c52a90e3c4ff6163cd87dddd767dc2b2549b2df01d03b4
- Size
  
  90KB
- MD5
  
  4563a823f74b728bf5e30ac1250bf650
- SHA1
  
  42e2bf6175398a104c649c19cd2a9dbcf1003c36
- SHA256
  
  a277b651b3bcd2f027c52a90e3c4ff6163cd87dddd767dc2b2549b2df01d03b4
- SHA512
  
  95dcf7081d983b4c4d40a560c3382fa5e371356172d15a996260b8d13e66846955210dbff473b3379084e4e3c993ea6aac75cd637ff4dc4ceeca11b9775294b5
- SSDEEP
  
  1536:Y5rY4s5J1/9qjlrXPTimwCUBtS5Q5grdU3+kNS9Y/bmF6uIo6nX7mNeomBZzJ1JF:KYpJ7qjJ/HeaQ5g2Ow2Y/bmF65NCNeok
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2