General

  • Target

    822852617fc3e5649de0647969a8d9aaed12a52af2db3bb72d310a8466abf6c9

  • Size

    188KB

  • Sample

    221202-xf6a8sgg3y

  • MD5

    396d5216a867ebe67ca8db94ccd91a55

  • SHA1

    31878f45ef6d1e72a0bb9cf6525ec8edaf06473f

  • SHA256

    822852617fc3e5649de0647969a8d9aaed12a52af2db3bb72d310a8466abf6c9

  • SHA512

    6a803c0cbc0303b5456073fa8827520994f5250a286adff3ea735f62398589ee5a818ca6b57666681fd6285dd7b64c48e973ab0843b6620130c07c366b3ba187

  • SSDEEP

    3072:p+ip66I8Xt3+dQc6hND8aJRWrmtVYkvqJerZam5/VdXhUOQF5/SnB9EF:lLI89aIwaJcmtxOKZayC7/qB9

Score
8/10

Targets

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext
