General

  • Target

    3c749acb0552370a6d41e87c13fa66c3897cf923ba6eabd64d4ba5d9cf055912

  • Size

    155KB

  • Sample

    221128-r44jnabc98

  • MD5

    05d894131da48f68009481f209933288

  • SHA1

    f6756060274cea91da4ec41d6b472842ef009a3b

  • SHA256

    3c749acb0552370a6d41e87c13fa66c3897cf923ba6eabd64d4ba5d9cf055912

  • SHA512

    69ae2d6247e9bc19f3baae5cba1695b5a2023a8fdb72eb6daa6db2d4e6b020100cbd00af20c5b83e8031deab644f703abc79086da3ae109bf931f3dda2e534ef

  • SSDEEP

    3072:2bm9g/M7Er4lQJWS9VM7dGm6ydOJoIArfYqbNjGXlk8BFLPHSeSI:Um9t7V2WSfMhGm6pJoIArf/5oa8BFO

Score
10/10

Malware Config

Targets

    • Modifies security service

    • Executes dropped EXE

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Modify Existing Service, T1031: 1

    Registry Run Keys / Startup Folder, T1060: 1

  • Defense Evasion

    Modify Registry, T1112: 1

Tasks