7c607c116f82643498320a5c1ed1375affadd46cb3c8a7720941d06f69d18bee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7c607c116f82643498320a5c1ed1375affadd46cb3c8a7720941d06f69d18bee
Size

196KB
Sample

221201-kx4shsgb6z
MD5

3e99808127936df22b6b96cbb3dc3ce2
SHA1

3c3950576785bf997623542394ae7579c531ab79
SHA256

7c607c116f82643498320a5c1ed1375affadd46cb3c8a7720941d06f69d18bee
SHA512

6ec3dceb7496b406ff537f0a0ac1868464f2994fadab959c5ee351c0dd95cd37e68336a6b090a733ecfa9d6545fcec814186bb619151781e4fa8bff992a65bb1
SSDEEP

6144:QwYgocbpP5bdjmdoJC7BvGp5yhaIlE+xPT3QAi:QlgxbpXj+oJCvRhDlrAAi

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7c607c116f82643498320a5c1ed1375affadd46cb3c8a7720941d06f69d18bee
- Size
  
  196KB
- MD5
  
  3e99808127936df22b6b96cbb3dc3ce2
- SHA1
  
  3c3950576785bf997623542394ae7579c531ab79
- SHA256
  
  7c607c116f82643498320a5c1ed1375affadd46cb3c8a7720941d06f69d18bee
- SHA512
  
  6ec3dceb7496b406ff537f0a0ac1868464f2994fadab959c5ee351c0dd95cd37e68336a6b090a733ecfa9d6545fcec814186bb619151781e4fa8bff992a65bb1
- SSDEEP
  
  6144:QwYgocbpP5bdjmdoJC7BvGp5yhaIlE+xPT3QAi:QlgxbpXj+oJCvRhDlrAAi
Score

10^/10

evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2