General

  • Target

    ab94dcb875f73bc474e03f77ad827fb0659fe94b531e1eab7af1c26bbda33690

  • Size

    175KB

  • Sample

    221201-ye5traea89

  • MD5

    6ee0c1fc959b376ced4252a868cabc5e

  • SHA1

    95e50f96119965972825ca42e401d12fa733b58c

  • SHA256

    ab94dcb875f73bc474e03f77ad827fb0659fe94b531e1eab7af1c26bbda33690

  • SHA512

    e0c08ddfda3241550c255a2283940e9e9caec5747c9585b6d0da1c250b9a26c5ba8c715de379e64b83239bfdcb089d64581752e3753da2a4f2105d26a58b4a92

  • SSDEEP

    3072:vI6E88QrF4hB2E4UVa1rZC43gP1rBcqGAiHR2EpZ5UXAHs5Qw//59cQqpAc/r:g6K24hIUVeOgHRdpXUXwOHO7/

Score
8/10

Malware Config

Targets

    • Target

      ab94dcb875f73bc474e03f77ad827fb0659fe94b531e1eab7af1c26bbda33690

    • Size

      175KB

    • MD5

      6ee0c1fc959b376ced4252a868cabc5e

    • SHA1

      95e50f96119965972825ca42e401d12fa733b58c

    • SHA256

      ab94dcb875f73bc474e03f77ad827fb0659fe94b531e1eab7af1c26bbda33690

    • SHA512

      e0c08ddfda3241550c255a2283940e9e9caec5747c9585b6d0da1c250b9a26c5ba8c715de379e64b83239bfdcb089d64581752e3753da2a4f2105d26a58b4a92

    • SSDEEP

      3072:vI6E88QrF4hB2E4UVa1rZC43gP1rBcqGAiHR2EpZ5UXAHs5Qw//59cQqpAc/r:g6K24hIUVeOgHRdpXUXwOHO7/

    Score
    8/10
    • Executes dropped EXE

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port (53) to servers other than the configured DNS servers was detected.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks