General

  • Target

    7182d2b6bd6d97c12a02f4794dc5101d8580537276c87f0b07d2a21e5df4c82e

  • Size

    180KB

  • Sample

    221129-js3tzsae28

  • MD5

    9f1df2f40555f2778afd7bffa670ff5d

  • SHA1

    c68efc89dec70f2607484c8d1b888284411d4c73

  • SHA256

    7182d2b6bd6d97c12a02f4794dc5101d8580537276c87f0b07d2a21e5df4c82e

  • SHA512

    544711b9e201a59de1394a4f6bb4e110d4b62e942fc57289dea1eecee6326fdfc19df8636d2497088a5cb894da3298d6f2f2c556a06632a21137c8023f025dfa

  • SSDEEP

    3072:L8N+U3yfbN5GgwDlIAYVHSzcrt7VSI5IZbFjS/tdYazX7cYGP:L40DNvw9jzqLSICA/TXe

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • Modifies security service

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext
