General

  • Target

    c2fc7ad9cd3fe4c6ba65622c336b40ee826c8085e3e0c26b27935790983f2793

  • Size

    142KB

  • Sample

    221204-wgm1lscb95

  • MD5

    dbd77f230c9298c788ef00c412b19682

  • SHA1

    d92f1e462062e04d840ee563ade55a912b9492ca

  • SHA256

    c2fc7ad9cd3fe4c6ba65622c336b40ee826c8085e3e0c26b27935790983f2793

  • SHA512

    06394f83d0e388bf000f8c11462cbc70353b9797f5e9934e0158a80b59e34dc228596f50016afe95e07e5395918e81a6df723ee10289964ca6c2ff884b05debe

  • SSDEEP

    3072:vQNfwH5j97KPyZkb2se8RV1MMFhozjnx3YhljCl7qje:vQaB97KPyZ/2V1MkhaYjClie

Score
10/10

Malware Config

Targets

    • Target

      c2fc7ad9cd3fe4c6ba65622c336b40ee826c8085e3e0c26b27935790983f2793

    • Size

      142KB

    • MD5

      dbd77f230c9298c788ef00c412b19682

    • SHA1

      d92f1e462062e04d840ee563ade55a912b9492ca

    • SHA256

      c2fc7ad9cd3fe4c6ba65622c336b40ee826c8085e3e0c26b27935790983f2793

    • SHA512

      06394f83d0e388bf000f8c11462cbc70353b9797f5e9934e0158a80b59e34dc228596f50016afe95e07e5395918e81a6df723ee10289964ca6c2ff884b05debe

    • SSDEEP

      3072:vQNfwH5j97KPyZkb2se8RV1MMFhozjnx3YhljCl7qje:vQaB97KPyZ/2V1MkhaYjClie

    Score
    10/10
    • Modifies firewall policy service

    • Modifies security service

    • Sets service image path in registry

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

2
T1031

Registry Run Keys / Startup Folder

2
T1060

Defense Evasion

Modify Registry

4
T1112

Tasks