General
-
Target
a97c61925bf3a82606f15190f177e34c82a4f08d5ca8c167866bf7b07d5330f9
-
Size
144KB
-
Sample
221129-d6xx1afc2y
-
MD5
1950332c67064b8e2d44e885d5838cd0
-
SHA1
7d8df7947a34075844f69e8c2e1011d835d57d03
-
SHA256
a97c61925bf3a82606f15190f177e34c82a4f08d5ca8c167866bf7b07d5330f9
-
SHA512
35232521bd3a5937c4a2143ab96e8165126225616be4ca1cec65e3859445fd73e1ef170712eeb37a3ab1d33a338b4a8bb66e281edbb2ea4ce69447ee0cf1502a
-
SSDEEP
3072:BqADhLQCha6NNb2jbuvkZiROzSLjC1bogoPYoTGRKDFpS6aLce+M8:BbDhcCUItebuvkjzSLjC1bogkYoTGsf6
Malware Config
Targets
-
-
Target
a97c61925bf3a82606f15190f177e34c82a4f08d5ca8c167866bf7b07d5330f9
-
Size
144KB
-
MD5
1950332c67064b8e2d44e885d5838cd0
-
SHA1
7d8df7947a34075844f69e8c2e1011d835d57d03
-
SHA256
a97c61925bf3a82606f15190f177e34c82a4f08d5ca8c167866bf7b07d5330f9
-
SHA512
35232521bd3a5937c4a2143ab96e8165126225616be4ca1cec65e3859445fd73e1ef170712eeb37a3ab1d33a338b4a8bb66e281edbb2ea4ce69447ee0cf1502a
-
SSDEEP
3072:BqADhLQCha6NNb2jbuvkZiROzSLjC1bogoPYoTGRKDFpS6aLce+M8:BbDhcCUItebuvkjzSLjC1bogkYoTGsf6
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Sets service image path in registry
-
Deletes itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-