afc4c7b79eb5ca8295412765d9a3e87d0c1827f8ec68575d6abe67485e29aad8 | Triage

Sharing

General

Target

afc4c7b79eb5ca8295412765d9a3e87d0c1827f8ec68575d6abe67485e29aad8
Size

179KB
Sample

221130-2928wsha91
MD5

6193ee5f5d2c3bc571d6592db668239c
SHA1

6e01c0e21d73a12eb6cfd87bea60ead9b10adc7f
SHA256

afc4c7b79eb5ca8295412765d9a3e87d0c1827f8ec68575d6abe67485e29aad8
SHA512

01174c09b3fcf26808bc804c6d827cb1d7f77b8c89f4db9161aea16af3b2d5556642f19becfdc352042cf0cd85979d7dfdb02f00a8bd18e4566b26f42b09be1b
SSDEEP

3072:iB+jXhOmoucEbJNvBpLUSVrEFAKZgeEIoNugEYJi3/kffw0k/mptzs749Qt8:fxOffgBpo24TZgeuPwWI0k/mM71

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  afc4c7b79eb5ca8295412765d9a3e87d0c1827f8ec68575d6abe67485e29aad8
- Size
  
  179KB
- MD5
  
  6193ee5f5d2c3bc571d6592db668239c
- SHA1
  
  6e01c0e21d73a12eb6cfd87bea60ead9b10adc7f
- SHA256
  
  afc4c7b79eb5ca8295412765d9a3e87d0c1827f8ec68575d6abe67485e29aad8
- SHA512
  
  01174c09b3fcf26808bc804c6d827cb1d7f77b8c89f4db9161aea16af3b2d5556642f19becfdc352042cf0cd85979d7dfdb02f00a8bd18e4566b26f42b09be1b
- SSDEEP
  
  3072:iB+jXhOmoucEbJNvBpLUSVrEFAKZgeEIoNugEYJi3/kffw0k/mptzs749Qt8:fxOffgBpo24TZgeuPwWI0k/mM71
Score

10^/10

evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2