General

  • Target

    40b0c540c33092c4272fc2405e0f443bcddb806617cda25c4f41cfff79a88e8c

  • Size

    177KB

  • Sample

    221205-sa3kyadg51

  • MD5

    a4aed7889813f86a5b9180b2d4a7182e

  • SHA1

    26f24b4819e7385bfe281cafb5935d1cc93e3565

  • SHA256

    40b0c540c33092c4272fc2405e0f443bcddb806617cda25c4f41cfff79a88e8c

  • SHA512

    a1cc1799c946c49a33ae218f810d4bbde08e75a0ff135821e4af52d18b0cafcaae9b31beb23aa83bc772fe4ff6be15e34f05afd52041e420d769e644e4bbb7e9

  • SSDEEP

    3072:3VGWfJyPk0M2RdzOKf9S4085TqR7GCpmpWb+3TxUyOPAOM5OBG+udGaYZE:l1V0M2zT3u5Jpi++yyrOhYdqG

Score
8/10

Malware Config

Targets

    • Target

      40b0c540c33092c4272fc2405e0f443bcddb806617cda25c4f41cfff79a88e8c

    • Executes dropped EXE

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks