Overview

overview

10

Static

static

67a3439a0b...0f.exe

windows7-x64

10

67a3439a0b...0f.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    67a3439a0b6635a9d66882306d680d88fa0a37d15add9f02ee3f097b2666190f

  • Size

    171KB

  • Sample

    221129-j8rrnabg57

  • MD5

    5c5b94a43b985e7eaa0c8e73c30e0f4b

  • SHA1

    924235d8cb3f0d597d1ea0a7c8bd7d21b93df5f4

  • SHA256

    67a3439a0b6635a9d66882306d680d88fa0a37d15add9f02ee3f097b2666190f

  • SHA512

    2c2d4c643b3223fb8b805e953865774006681d6b7cf84c3829c333feb01d951e30741a5b87c46a09eb54dc7b17928cd05b7e0c3dffb9b92225b19110ca042fe8

  • SSDEEP

    3072:cFmyKeATDVoUnY3YWntpnWE51c38mm7suxSw/503ItLwC4RG814cPdOO:Jy5gDDnYIKa38XnTxyG814cPw

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      67a3439a0b6635a9d66882306d680d88fa0a37d15add9f02ee3f097b2666190f

    • Size

      171KB

    • MD5

      5c5b94a43b985e7eaa0c8e73c30e0f4b

    • SHA1

      924235d8cb3f0d597d1ea0a7c8bd7d21b93df5f4

    • SHA256

      67a3439a0b6635a9d66882306d680d88fa0a37d15add9f02ee3f097b2666190f

    • SHA512

      2c2d4c643b3223fb8b805e953865774006681d6b7cf84c3829c333feb01d951e30741a5b87c46a09eb54dc7b17928cd05b7e0c3dffb9b92225b19110ca042fe8

    • SSDEEP

      3072:cFmyKeATDVoUnY3YWntpnWE51c38mm7suxSw/503ItLwC4RG814cPdOO:Jy5gDDnYIKa38XnTxyG814cPw

    Score
    10/10
    evasionpersistence

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks