General

  • Target

    c2cdc481172a9141b064d18e4232d9a3908d19c4f3223eb64d79d7921f046f59

  • Size

    191KB

  • Sample

    221124-n48ltscb35

  • MD5

    a2807542cc8240b1f6953a650e3de47b

  • SHA1

    723fdf7b70bb3d86bed4a58e2d03a4a1a1acfeab

  • SHA256

    c2cdc481172a9141b064d18e4232d9a3908d19c4f3223eb64d79d7921f046f59

  • SHA512

    584dc1970ea2871e1df2ffe4fe3771483e40b8c2188fb94c9b8538076b77029bf479e357555b4b3c660f46b028dd6cd1e258ed59495e597c3b2d6c68ed3f322e

  • SSDEEP

    3072:ZSv3Yj4xv0Mzv9GJeD4hkfNGYl94iLtxw8fdo/CmahQhKLSZ/Gbf20RCcgdBD7F8:Iv3YkxvRlGJ9kfQYl9ZXfSfFhD/Gbf2i

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks