General

  • Target

    7636e981959080e74cdc6aca20b8e9d49394f656a017146aa04c900a49a542cb

  • Size

    161KB

  • Sample

    221201-ds6yradf31

  • MD5

    69c4fe61e8b95f3f5acbc67fc2748ad8

  • SHA1

    60d0796e77b37dade444426c9c705ada3795f5d9

  • SHA256

    7636e981959080e74cdc6aca20b8e9d49394f656a017146aa04c900a49a542cb

  • SHA512

    e5463f428c6d9e3a0d76e7402264afe74e1efcea1530358b0dcc3fc3248704a0e7ef45d38ded3660672f52dda979bf7c8613b15673111ee7516096ec36b38acb

  • SSDEEP

    3072:9EMiGWH9b50yY8SUPpLuGoxayWkG3EHzrzLwCQNU80bPxRdK3g14:KDdN0ykuLY4yWNAzP6SPA

Score
8/10

Malware Config

Targets

    Score
    8/10

    • Executes dropped EXE

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port was detected to servers other than the configured DNS servers.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks