884088ab1fcc6d5cf914644a72cf41212ba806015b3f94cddfe0527a2699f9bc | Triage

Sharing

General

Target

884088ab1fcc6d5cf914644a72cf41212ba806015b3f94cddfe0527a2699f9bc
Size

181KB
Sample

221125-jcwqqsbb42
MD5

cbe651fb6de2f98242351804a24b6112
SHA1

763c308f83f97a8bb1dfa5c3213d3194ff48900c
SHA256

884088ab1fcc6d5cf914644a72cf41212ba806015b3f94cddfe0527a2699f9bc
SHA512

b8e8b2ff0750e243572429beaa8aa8735066ec50fd7ce378f97a0a6026b7a1ac4120d19dc2f53d9b07290c9d8e4adb99fec51b79acc1c3653c5218e840050d73
SSDEEP

3072:iIDlrRGTE8OkbARI4/ALZPEKG3A+/ftQayV1EjJKF0YJENdhyK8AuUr/:lZrAv5b0IDLalw2yV1+I9J2uAu

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  884088ab1fcc6d5cf914644a72cf41212ba806015b3f94cddfe0527a2699f9bc
- Size
  
  181KB
- MD5
  
  cbe651fb6de2f98242351804a24b6112
- SHA1
  
  763c308f83f97a8bb1dfa5c3213d3194ff48900c
- SHA256
  
  884088ab1fcc6d5cf914644a72cf41212ba806015b3f94cddfe0527a2699f9bc
- SHA512
  
  b8e8b2ff0750e243572429beaa8aa8735066ec50fd7ce378f97a0a6026b7a1ac4120d19dc2f53d9b07290c9d8e4adb99fec51b79acc1c3653c5218e840050d73
- SSDEEP
  
  3072:iIDlrRGTE8OkbARI4/ALZPEKG3A+/ftQayV1EjJKF0YJENdhyK8AuUr/:lZrAv5b0IDLalw2yV1+I9J2uAu
Score

10^/10

evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2