Overview

overview

10

Static

static

b07ba698cb...dc.exe

windows7-x64

10

b07ba698cb...dc.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    b07ba698cb210655d0d4f63b2fb9723d7955137f677d9286836f673e9c2919dc

  • Size

    203KB

  • Sample

    221201-x4b3asch64

  • MD5

    53befa13a3d56728f06f33e2d8dc2f4d

  • SHA1

    5daa22bce02f96f5d159c5f6e98ede5eada074a0

  • SHA256

    b07ba698cb210655d0d4f63b2fb9723d7955137f677d9286836f673e9c2919dc

  • SHA512

    de8ae6d70cefe56e70ea26aaf351cfcfa10a6dba9e95f38c5d7be8fb6e8c6b63574d68d60c2274bda11b95580ab049412706271c01c026d46c5cd12a7f127b22

  • SSDEEP

    6144:g3CGmc1ksJq+ePNHl9j7w+VOMBy2ohgnD:gSAest6NTPw+K

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      b07ba698cb210655d0d4f63b2fb9723d7955137f677d9286836f673e9c2919dc

    • Size

      203KB

    • MD5

      53befa13a3d56728f06f33e2d8dc2f4d

    • SHA1

      5daa22bce02f96f5d159c5f6e98ede5eada074a0

    • SHA256

      b07ba698cb210655d0d4f63b2fb9723d7955137f677d9286836f673e9c2919dc

    • SHA512

      de8ae6d70cefe56e70ea26aaf351cfcfa10a6dba9e95f38c5d7be8fb6e8c6b63574d68d60c2274bda11b95580ab049412706271c01c026d46c5cd12a7f127b22

    • SSDEEP

      6144:g3CGmc1ksJq+ePNHl9j7w+VOMBy2ohgnD:gSAest6NTPw+K

    Score
    10/10
    evasionpersistence

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks