General

  • Target

    ef1826caa6ca65415e8ea5fcef32a1841f5c2580e5a08f219d902089aff395b4

  • Size

    197KB

  • Sample

    221204-cnwfsagg67

  • MD5

    959f14d00f19aa14ec823e83a7624153

  • SHA1

    b683798f3f43a99307d4351efc3953618d1360cf

  • SHA256

    ef1826caa6ca65415e8ea5fcef32a1841f5c2580e5a08f219d902089aff395b4

  • SHA512

    440f82635064bd759e464e3d1361c3b050c7ff47d44139b79141d601aa15c028f8a49fbb53a578ca73d07f41df3886b07ca1d15d18ce9e5377d291f9e94b8371

  • SSDEEP

    3072:cTqoWn7WlApz74iEbHjzA6qT7i7Aop+5jBH9qpqf/X+EmtWwGzcP95CYwFnjEKM:SqoWqq7GXU6vAQ+3eofu9

Score
8/10

Malware Config

Targets

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks