Overview

overview

8

Static

static

b345fbe4bd...8a.exe

windows7-x64

8

b345fbe4bd...8a.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b345fbe4bde4d44288b745f212e12023208dbfbefe168e28b6f1ce28e626498a

  • Size

    171KB

  • Sample

    221203-scrw8aed5t

  • MD5

    6592321b408d14519f2b90de3b53f56c

  • SHA1

    8560f9680962b338287ea44df8824890ff738ad6

  • SHA256

    b345fbe4bde4d44288b745f212e12023208dbfbefe168e28b6f1ce28e626498a

  • SHA512

    5670530ff5681a4b147e8743489c1de53a5c2e8916243fd408f3fa1c672b2b0e9c370be823675e6206dff3de7819cdfa0e63dd64871958b054ae004523b6d255

  • SSDEEP

    3072:DJSOBKfzjdGPC7j3aFXNu+gLwMpZuwsG9jI85hs9gSzq29MoW:VSbfPd4C/2XkPwMvx1SSwdKo

Score
8/10
persistence

Malware Config

Targets

    • Target

      b345fbe4bde4d44288b745f212e12023208dbfbefe168e28b6f1ce28e626498a

    • Size

      171KB

    • MD5

      6592321b408d14519f2b90de3b53f56c

    • SHA1

      8560f9680962b338287ea44df8824890ff738ad6

    • SHA256

      b345fbe4bde4d44288b745f212e12023208dbfbefe168e28b6f1ce28e626498a

    • SHA512

      5670530ff5681a4b147e8743489c1de53a5c2e8916243fd408f3fa1c672b2b0e9c370be823675e6206dff3de7819cdfa0e63dd64871958b054ae004523b6d255

    • SSDEEP

      3072:DJSOBKfzjdGPC7j3aFXNu+gLwMpZuwsG9jI85hs9gSzq29MoW:VSbfPd4C/2XkPwMvx1SSwdKo

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks