General
-
Target
4552a01ea7064532747eca1d1a2646b16d0ee93254d8d0a6c81b6b753b160b60
-
Size
158KB
-
Sample
221125-cl8nbsgh71
-
MD5
dce3fce60694ee2387f7b51373b2ed30
-
SHA1
6ca68b9fd7b313eb8c0526a5ff67c4e05dec10f5
-
SHA256
4552a01ea7064532747eca1d1a2646b16d0ee93254d8d0a6c81b6b753b160b60
-
SHA512
19de497b85708c81386627f5e0a557f1650b57118c9051e1275c9b78c6d87a416d82e9d2f8a10fe61b4efff1711b4116d6453ee6cb291e90df964f897bae2ba8
-
SSDEEP
3072:YlU6ydqWNy0J2TlQ2jEb94PmszQFGFt6pQHwyPaTyqfG:YWNdlNtsApGtGfQZPaTFO
Malware Config
Targets
-
-
Target
4552a01ea7064532747eca1d1a2646b16d0ee93254d8d0a6c81b6b753b160b60
-
Size
158KB
-
MD5
dce3fce60694ee2387f7b51373b2ed30
-
SHA1
6ca68b9fd7b313eb8c0526a5ff67c4e05dec10f5
-
SHA256
4552a01ea7064532747eca1d1a2646b16d0ee93254d8d0a6c81b6b753b160b60
-
SHA512
19de497b85708c81386627f5e0a557f1650b57118c9051e1275c9b78c6d87a416d82e9d2f8a10fe61b4efff1711b4116d6453ee6cb291e90df964f897bae2ba8
-
SSDEEP
3072:YlU6ydqWNy0J2TlQ2jEb94PmszQFGFt6pQHwyPaTyqfG:YWNdlNtsApGtGfQZPaTFO
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Executes dropped EXE
-
Registers COM server for autorun
-
Deletes itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-