Overview

overview

8

Static

static

821f4a17d3...53.exe

windows7-x64

8

821f4a17d3...53.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    821f4a17d32edfd60fe2f72371eb256e82b874a384154cc96916670718630b53

  • Size

    184KB

  • Sample

    221201-cqk3tsac9w

  • MD5

    a7b874e729944aef06c30c45c79cb5a2

  • SHA1

    7cf6f932d9db67cb41594d525f0fdacb1eb8aa7a

  • SHA256

    821f4a17d32edfd60fe2f72371eb256e82b874a384154cc96916670718630b53

  • SHA512

    97745485da5a25d850a274ba3af6ae2f1d875e8a5ef19e6ff17b2f413c9488b903d83ad8d86e8d4c6f98f2543ba9419d169322ce5c8d96a93d4e9142923e1054

  • SSDEEP

    3072:GpYV4vTyGXE8RqiGc0ggKTL02m6MOOVY8evilv2YtRW6zdkDkjTq8Zr1z8ChzGlc:XiWGNp0gHX0CVS2YWIJgC

Score
8/10
persistence

Malware Config

Targets

    • Target

      821f4a17d32edfd60fe2f72371eb256e82b874a384154cc96916670718630b53

    • Size

      184KB

    • MD5

      a7b874e729944aef06c30c45c79cb5a2

    • SHA1

      7cf6f932d9db67cb41594d525f0fdacb1eb8aa7a

    • SHA256

      821f4a17d32edfd60fe2f72371eb256e82b874a384154cc96916670718630b53

    • SHA512

      97745485da5a25d850a274ba3af6ae2f1d875e8a5ef19e6ff17b2f413c9488b903d83ad8d86e8d4c6f98f2543ba9419d169322ce5c8d96a93d4e9142923e1054

    • SSDEEP

      3072:GpYV4vTyGXE8RqiGc0ggKTL02m6MOOVY8evilv2YtRW6zdkDkjTq8Zr1z8ChzGlc:XiWGNp0gHX0CVS2YWIJgC

    Score
    8/10
    persistence

    • Registers COM server for autorun

      persistence

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks