General

  • Target

    c0f7a0c2d1466568ff47efe1e98c47a9095315f786c087f673327d0ba46de24d

  • Size

    215KB

  • Sample

    221203-f3lfxagh54

  • MD5

    8118a66149afd9ca2d18875c053c8a6a

  • SHA1

    676710a8589e1cccdacce7baa55881c619162e3d

  • SHA256

    c0f7a0c2d1466568ff47efe1e98c47a9095315f786c087f673327d0ba46de24d

  • SHA512

    dead3b68f2d634efbbe68c13ba4288472f562c4087efcb8075dc29d0d36988bc931a7fb3e80a11d366caa5c9d4a9146998effb648917bc1c408d2f0bd113d757

  • SSDEEP

    3072:yw22zqb6PLlOn4ABdTAE8Lghp9nMPDtBIDtRGUDetbIIr0xI4oK6mHgpFWE0Vn8w:5q2PQ1LJKDejetbIIS7eWEjHetZ

Score
8/10

Malware Config

Targets

    Score
    8/10

    • Executes dropped EXE

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks