42d074f5ee31d4c800f6f029ad9a94f29acd9fcad22677373edde45a72034ac1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42d074f5ee31d4c800f6f029ad9a94f29acd9fcad22677373edde45a72034ac1
Size

176KB
Sample

221127-atfw6sbb6v
MD5

da24eed05f2018d18a1d0968f9799cfd
SHA1

527dab5b7e97355044f1e280fe788b0bb0fac47b
SHA256

42d074f5ee31d4c800f6f029ad9a94f29acd9fcad22677373edde45a72034ac1
SHA512

24c6d0788847b5d74990ccd99c48d27892b8b3a40353e2111164c3ca5f037d457393ce8a9dd73d4c252d8d627bdd0d9d59d2c0298a52affe048df987a767c0e5
SSDEEP

3072:m2xDmCK9OwfCK7LuREvqM+7EiOGfs+OpUaI1/5r38cB6hzUTRIARmPzF4w///X:mKDHGVCPiCM6OGf06p1/5wLyNZRmZ4W/

Score

8^/10

Malware Config

Targets

- Target
  
  42d074f5ee31d4c800f6f029ad9a94f29acd9fcad22677373edde45a72034ac1
- Size
  
  176KB
- MD5
  
  da24eed05f2018d18a1d0968f9799cfd
- SHA1
  
  527dab5b7e97355044f1e280fe788b0bb0fac47b
- SHA256
  
  42d074f5ee31d4c800f6f029ad9a94f29acd9fcad22677373edde45a72034ac1
- SHA512
  
  24c6d0788847b5d74990ccd99c48d27892b8b3a40353e2111164c3ca5f037d457393ce8a9dd73d4c252d8d627bdd0d9d59d2c0298a52affe048df987a767c0e5
- SSDEEP
  
  3072:m2xDmCK9OwfCK7LuREvqM+7EiOGfs+OpUaI1/5r38cB6hzUTRIARmPzF4w///X:mKDHGVCPiCM6OGf06p1/5wLyNZRmZ4W/
Score

8^/10
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2