General

  • Target

    8ebef10661973654d41d225ecf491417cb6624a90d3d1dc94408bab0fc1a6bfa

  • Size

    154KB

  • Sample

    221124-196ewach53

  • MD5

    f568feb9d9e52e6ca4a2e9c2aa7b6ac1

  • SHA1

    1d54221b8506a4eefe98d7071ec2621c3892bda6

  • SHA256

    8ebef10661973654d41d225ecf491417cb6624a90d3d1dc94408bab0fc1a6bfa

  • SHA512

    ee01d4806a2b0f88fb0cc9e7763f41e5dd14f5f34cb64d3e947878ab138ae61c2c390df923f799226fc73ec713c6511982f94f3f4b454d998dd6d32cdb4656e2

  • SSDEEP

    3072:nxbv6QZjOhmD7D2t40Dmq+1b3IHhAF0EL+z+G6j/wGoJ+2:nxbCBc2t40aq+1sGF0Exj

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks