General
-
Target
125418f8c06be98f3cad80eb3678f597af719cbc1ab366d96313d36abafa389c
-
Size
132KB
-
Sample
221201-hc6ehacg53
-
MD5
a439d22d3adf43f1e7c28c52afe579b5
-
SHA1
5a79bad84547b8efbe2835694bf729ae532e8be9
-
SHA256
125418f8c06be98f3cad80eb3678f597af719cbc1ab366d96313d36abafa389c
-
SHA512
087bccc5e9fd74506c9bd6785da0e95e36b8c0bf5a27d540b22591397c74db27151bf94e5f438d2c7929ab2ede2fca2202576877e4379974c5d4ec31d44e6d85
-
SSDEEP
3072:uz6/KkEfIN3CWZz+RRdtjhFHJSJjEuN/a8nfJKR4dW0pVMRmDd18mFZJEDHO5YdM:U6tEg9DZit9aoW/ame4dJMRmbJEDHO
Static task
static1
Behavioral task
behavioral1
Sample
125418f8c06be98f3cad80eb3678f597af719cbc1ab366d96313d36abafa389c.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
125418f8c06be98f3cad80eb3678f597af719cbc1ab366d96313d36abafa389c.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
125418f8c06be98f3cad80eb3678f597af719cbc1ab366d96313d36abafa389c
-
Score
10/10
-
Modifies firewall policy service
-
Modifies security service
-
Sets service image path in registry
-
Deletes itself
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-