863e6a92db5d388b1f3df11ed0f338a94ef3b46219ed0030ad9de886e19cdc4c | Triage

Sharing

General

Target

863e6a92db5d388b1f3df11ed0f338a94ef3b46219ed0030ad9de886e19cdc4c
Size

92KB
Sample

221129-g6944sdd83
MD5

803798f9882631fd4224f4d6f4025363
SHA1

3e92102cadb9f04b737f21c68fbd74ebc2f456bb
SHA256

863e6a92db5d388b1f3df11ed0f338a94ef3b46219ed0030ad9de886e19cdc4c
SHA512

aeb3c79eea0134dd3f7663c6b0b0592e6f2f9ad9d5636899db43133a6a5f5eff7071fa437620924d01a281cdb26b03549189ef18704074ee564379f792615560
SSDEEP

1536:DdJrJihfQxtQg1nhFc9pJpk+tCwmg+Q6buWkJ2/tnJs1vHMpUv/r/:J54QxjJGJpTP65vFYMper/

Score

8^/10

Malware Config

Targets

- Target
  
  863e6a92db5d388b1f3df11ed0f338a94ef3b46219ed0030ad9de886e19cdc4c
- Size
  
  92KB
- MD5
  
  803798f9882631fd4224f4d6f4025363
- SHA1
  
  3e92102cadb9f04b737f21c68fbd74ebc2f456bb
- SHA256
  
  863e6a92db5d388b1f3df11ed0f338a94ef3b46219ed0030ad9de886e19cdc4c
- SHA512
  
  aeb3c79eea0134dd3f7663c6b0b0592e6f2f9ad9d5636899db43133a6a5f5eff7071fa437620924d01a281cdb26b03549189ef18704074ee564379f792615560
- SSDEEP
  
  1536:DdJrJihfQxtQg1nhFc9pJpk+tCwmg+Q6buWkJ2/tnJs1vHMpUv/r/:J54QxjJGJpTP65vFYMper/
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2