General

  • Target

    bdca30bb020fc68fbe79241371248b7f24bb6ecc54fb361fda018ae914368b59

  • Size

    148KB

  • Sample

    221203-gwfshsbb26

  • MD5

    6b386bb5d36aa0c707de927e0896d4f1

  • SHA1

    6ae7f35e83c8294c59c505f3e15dacc84992cf56

  • SHA256

    bdca30bb020fc68fbe79241371248b7f24bb6ecc54fb361fda018ae914368b59

  • SHA512

    d2645c34182f1019facb45fa926ee99862beaa9f2ca4a8da3b5e28e931064a164a77cec49c261af4021ed3088f2ec7bba17787fce367d31e91f78daf375202e7

  • SSDEEP

    3072:eYZIzvjQecKAJaDj3o4jjGRmaD/K3vUFONASSB:HZAcFanGRmaD/KC3B

Score
8/10

Targets

    • Target

      bdca30bb020fc68fbe79241371248b7f24bb6ecc54fb361fda018ae914368b59

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops file in System32 directory
