General

  • Target

    1a6ee9b3aa1d24cabaf8e8fec72cef1d2d1b3e692d4d7d1db7cfc16d10169967

  • Size

    180KB

  • Sample

    221206-nbl75afd2t

  • MD5

    977e4e96d9fa52734f24f28d61685ea7

  • SHA1

    0645cac5165dc6883ca4a37b328f271eefef8485

  • SHA256

    1a6ee9b3aa1d24cabaf8e8fec72cef1d2d1b3e692d4d7d1db7cfc16d10169967

  • SHA512

    cb2d4916c9e951c77e3fc20b3377889c680fd897fb382e1b344487eaa204d0359b655dae91866222ef8683a1e22decc9a3d5259d7ec9a7a9f02cde684548d7fe

  • SSDEEP

    3072:ufimO4AYcpO4D2rdUz412nkz/XFm7cMW5Mz5OiqdwsnWJ/sLb5mFggyqWBOB80lv:ufiL4AYcp/EtzfXMeBdwsW1s3Mgfq+O6

Score
8/10

Malware Config

Targets

    • Registers COM server for autorun

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks