General

  • Target

    92e77066ada0501bfd8f469e71cfd8fd916c75dd38e496e206d58d55a9747305

  • Size

    168KB

  • Sample

    221127-t4gq1aca64

  • MD5

    24d74f4e393403285cb6766dcef5f8ec

  • SHA1

    3fa1f0911384fd9912af47bbc72f79bcde925c2d

  • SHA256

    92e77066ada0501bfd8f469e71cfd8fd916c75dd38e496e206d58d55a9747305

  • SHA512

    d6bf5c69ed412a1fd59235c2fb7f97574d9adf24f0488dfc1fbdb6f9120f6134790e45fd163d99fc44c65f4138d98114bfb0129c205f1dbac369536c58bb02d0

  • SSDEEP

    3072:CrU8REj7lO48uutkxZeKtsNruxCuZUaHtxb2aQk3O2aT6EXzvRFtmio/67wVsCgq:CrU8aY4TToxN4CkTPp3iVFtmio/67cxS

Score
10/10

Malware Config

Targets

    • Target

      92e77066ada0501bfd8f469e71cfd8fd916c75dd38e496e206d58d55a9747305

    • Size

      168KB

    • MD5

      24d74f4e393403285cb6766dcef5f8ec

    • SHA1

      3fa1f0911384fd9912af47bbc72f79bcde925c2d

    • SHA256

      92e77066ada0501bfd8f469e71cfd8fd916c75dd38e496e206d58d55a9747305

    • SHA512

      d6bf5c69ed412a1fd59235c2fb7f97574d9adf24f0488dfc1fbdb6f9120f6134790e45fd163d99fc44c65f4138d98114bfb0129c205f1dbac369536c58bb02d0

    • SSDEEP

      3072:CrU8REj7lO48uutkxZeKtsNruxCuZUaHtxb2aQk3O2aT6EXzvRFtmio/67wVsCgq:CrU8aY4TToxN4CkTPp3iVFtmio/67cxS

    Score
    10/10
    • Modifies firewall policy service

    • Modifies security service

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

2
T1031

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

2
T1112

Tasks