General

  • Target

    a5ff3fd5e3f7b9625c2893b577712a4903595f4ace83c5838095f277f708fab0

  • Size

    177KB

  • Sample

    221203-tg7znshg5v

  • MD5

    98428875700d1d88946ec23b1c676a87

  • SHA1

    677a5ba25e4bcca8e35c80e343330889f47daa2d

  • SHA256

    a5ff3fd5e3f7b9625c2893b577712a4903595f4ace83c5838095f277f708fab0

  • SHA512

    102a3b5a00617819d9435bd16503dc4f98af37e1db44d5b6dbf297c602a67291f5776e0238c5a1561597850c8ebf74ad4dcb80084e31e8e0501f3c9e26408b82

  • SSDEEP

    3072:Q6Q5qT4OH+p2HRLpn/qG5S5+26Q4GaDOhpk42AdoSupzvLnmbD4/sE7L:Qv8TepOVkG5Ffn221v9WbD4kEn

Score
8/10

Malware Config

Targets

    • Target

      a5ff3fd5e3f7b9625c2893b577712a4903595f4ace83c5838095f277f708fab0

    Score
    8/10

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks