80fa7bc23b3d7e0c96a9892c2025a9876817313156e3265d6f08ee2b8cb4d9bf | Triage

Submit
Reports

Overview

overview

Static

static

80fa7bc23b...bf.exe

windows7-x64

80fa7bc23b...bf.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

80fa7bc23b3d7e0c96a9892c2025a9876817313156e3265d6f08ee2b8cb4d9bf
Size

160KB
Sample

221203-a2ezvadd3x
MD5

d8fe8368cd7a05bb021bfe6e40080209
SHA1

0bd0091febfb0b65e29702038b65c736be806473
SHA256

80fa7bc23b3d7e0c96a9892c2025a9876817313156e3265d6f08ee2b8cb4d9bf
SHA512

6945fc92ceceb94cced37a01d330a8f9a0dbb6273f6e089bd9558058708884568987ab3868b95eb71bc0f4189006f184c6e7915ae94cb8be3d588e9c55236ea8
SSDEEP

3072:Au4ZtPdwFvYhesBj/S+PeyACskwo8Oa86++re92Yycah90:uiX4jvPBjw7bq2bca30

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

80fa7bc23b3d7e0c96a9892c2025a9876817313156e3265d6f08ee2b8cb4d9bf.exe

Resource

win7-20221111-en

evasion persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

80fa7bc23b3d7e0c96a9892c2025a9876817313156e3265d6f08ee2b8cb4d9bf.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  80fa7bc23b3d7e0c96a9892c2025a9876817313156e3265d6f08ee2b8cb4d9bf
- Size
  
  160KB
- MD5
  
  d8fe8368cd7a05bb021bfe6e40080209
- SHA1
  
  0bd0091febfb0b65e29702038b65c736be806473
- SHA256
  
  80fa7bc23b3d7e0c96a9892c2025a9876817313156e3265d6f08ee2b8cb4d9bf
- SHA512
  
  6945fc92ceceb94cced37a01d330a8f9a0dbb6273f6e089bd9558058708884568987ab3868b95eb71bc0f4189006f184c6e7915ae94cb8be3d588e9c55236ea8
- SSDEEP
  
  3072:Au4ZtPdwFvYhesBj/S+PeyACskwo8Oa86++re92Yycah90:uiX4jvPBjw7bq2bca30
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2025

Terms | Privacy