3c749acb0552370a6d41e87c13fa66c3897cf923ba6eabd64d4ba5d9cf055912 | Triage

Sharing

General

Target

3c749acb0552370a6d41e87c13fa66c3897cf923ba6eabd64d4ba5d9cf055912
Size

155KB
Sample

221128-r44jnabc98
MD5

05d894131da48f68009481f209933288
SHA1

f6756060274cea91da4ec41d6b472842ef009a3b
SHA256

3c749acb0552370a6d41e87c13fa66c3897cf923ba6eabd64d4ba5d9cf055912
SHA512

69ae2d6247e9bc19f3baae5cba1695b5a2023a8fdb72eb6daa6db2d4e6b020100cbd00af20c5b83e8031deab644f703abc79086da3ae109bf931f3dda2e534ef
SSDEEP

3072:2bm9g/M7Er4lQJWS9VM7dGm6ydOJoIArfYqbNjGXlk8BFLPHSeSI:Um9t7V2WSfMhGm6pJoIArf/5oa8BFO

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3c749acb0552370a6d41e87c13fa66c3897cf923ba6eabd64d4ba5d9cf055912
- Size
  
  155KB
- MD5
  
  05d894131da48f68009481f209933288
- SHA1
  
  f6756060274cea91da4ec41d6b472842ef009a3b
- SHA256
  
  3c749acb0552370a6d41e87c13fa66c3897cf923ba6eabd64d4ba5d9cf055912
- SHA512
  
  69ae2d6247e9bc19f3baae5cba1695b5a2023a8fdb72eb6daa6db2d4e6b020100cbd00af20c5b83e8031deab644f703abc79086da3ae109bf931f3dda2e534ef
- SSDEEP
  
  3072:2bm9g/M7Er4lQJWS9VM7dGm6ydOJoIArfYqbNjGXlk8BFLPHSeSI:Um9t7V2WSfMhGm6pJoIArf/5oa8BFO
Score

10^/10

evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2