General
-
Target
b69294fc005cccba6fa7d857e45c3b8aac02e36713acf7780bdc16c8ea8b7f22
-
Size
176KB
-
Sample
221201-xnllssag58
-
MD5
dc367ded2689c91d76a1f62ccb62c35f
-
SHA1
4a3042be1df26b0874a8e956b72af4ace8d344b5
-
SHA256
b69294fc005cccba6fa7d857e45c3b8aac02e36713acf7780bdc16c8ea8b7f22
-
SHA512
f6f18b32707ed9630bb6285318c04c7458fb3d82e86d5fb8de637c99d89b502a9c211c33c95468284f4e7313a0c4ecb7748278ceb18feb0b684e62cffd5791ea
-
SSDEEP
3072:Yo9Ymi9PARe6gXz1BMEW2ig2APA07i9j2GwvTzx78SLHoeSKc5SSwiggK19z/596:Yo9CxARe60jMn+7iZ2GwvvBlH0Kc5SSa
Malware Config
Targets
-
-
Target
b69294fc005cccba6fa7d857e45c3b8aac02e36713acf7780bdc16c8ea8b7f22
-
Size
176KB
-
MD5
dc367ded2689c91d76a1f62ccb62c35f
-
SHA1
4a3042be1df26b0874a8e956b72af4ace8d344b5
-
SHA256
b69294fc005cccba6fa7d857e45c3b8aac02e36713acf7780bdc16c8ea8b7f22
-
SHA512
f6f18b32707ed9630bb6285318c04c7458fb3d82e86d5fb8de637c99d89b502a9c211c33c95468284f4e7313a0c4ecb7748278ceb18feb0b684e62cffd5791ea
-
SSDEEP
3072:Yo9Ymi9PARe6gXz1BMEW2ig2APA07i9j2GwvTzx78SLHoeSKc5SSwiggK19z/596:Yo9CxARe60jMn+7iZ2GwvvBlH0Kc5SSa
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Executes dropped EXE
-
Registers COM server for autorun
-
Deletes itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-