General

  • Target

    a6b6e41c3583f96cb61545b95995c50991d59fa4c7118150e7657ddba1d19912

  • Size

    202KB

  • Sample

    221129-ee3jvafh91

  • MD5

    73b5eb1c16dae80be4aec4b8c57c70c3

  • SHA1

    40b389a3ab5d4fe5970bb1e1d8f6a1b1e72bdd9b

  • SHA256

    a6b6e41c3583f96cb61545b95995c50991d59fa4c7118150e7657ddba1d19912

  • SHA512

    70e7c4dd48560dc881fcd16afdf10e414962c7048a8d9fd9af720c1bf23bd8a13fd895e7788200e980bf071fd33c15044d83f81d9fbb6b1471edcb981cabf3f7

  • SSDEEP

    6144:FWxNsdTPUjofn06FWfuDjKNlBklj39w9TE518zpP4:MxNsdln0aWfuD+5klj39ww8W

Score
8/10

Malware Config

Targets

    • Target

      a6b6e41c3583f96cb61545b95995c50991d59fa4c7118150e7657ddba1d19912

    • Size

      202KB

    • MD5

      73b5eb1c16dae80be4aec4b8c57c70c3

    • SHA1

      40b389a3ab5d4fe5970bb1e1d8f6a1b1e72bdd9b

    • SHA256

      a6b6e41c3583f96cb61545b95995c50991d59fa4c7118150e7657ddba1d19912

    • SHA512

      70e7c4dd48560dc881fcd16afdf10e414962c7048a8d9fd9af720c1bf23bd8a13fd895e7788200e980bf071fd33c15044d83f81d9fbb6b1471edcb981cabf3f7

    • SSDEEP

      6144:FWxNsdTPUjofn06FWfuDjKNlBklj39w9TE518zpP4:MxNsdln0aWfuD+5klj39ww8W

    Score
    8/10

    • Executes dropped EXE

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks