General

  • Target

    35baf6f8455ddb5dbac2a40ffdbbdae04b24f2c34af9dc4eabd7d4acded031cc

  • Size

    205KB

  • Sample

    221129-tl8rrsdh35

  • MD5

    bd718e216ccae05a3d9258ee9e8d2cf3

  • SHA1

    ea5110f9040d9b5af98aa902f2ad6516e95144ab

  • SHA256

    35baf6f8455ddb5dbac2a40ffdbbdae04b24f2c34af9dc4eabd7d4acded031cc

  • SHA512

    9822b2a190032c2937700288b84c4dee72a9bf4ac931a4e68aa0c3b5bfe21c2a62c4381bd6fb956838895334519dd5f0d31f1ecbbdc67306da3395ffcb4d293d

  • SSDEEP

    3072:a22O81KXCQu7d1sc1/1QB9EHazy+gSqbncI2i2gV+dwYun6g3Yu06ZoQs:a22TQu7dJXa3qjv2c55n6qYupS7

Score
8/10

Malware Config

Targets

    • Target

      35baf6f8455ddb5dbac2a40ffdbbdae04b24f2c34af9dc4eabd7d4acded031cc
    Score
    8/10

    • Executes dropped EXE

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks