General
Target: 502b8c3ce7725c378b6fa51eb5313c083040904b4379222fdf69bc01652611d2
Size: 184KB
Sample: 221206-rt5zqsac9s
MD5: 17e159ebfe627720d5c1d134643f0c10
SHA1: 2330a167c07d3329591293da8d659eadc2f46b5c
SHA256: 502b8c3ce7725c378b6fa51eb5313c083040904b4379222fdf69bc01652611d2
SHA512: b1c016a7d27f9885b64a357bb7f18bde3f628a3f3adcf0ee6d9fe62f98dbd7bfea5aced9647e159004c275946e7bcd3ac201599b8abd6af5aba15841887e6100
SSDEEP: 3072:w6l15SSbOeEVa3TmYYB7QEaw7+0XsecLpQRIHEDhjgSyFXzo/QWGQxxmnXMxWa9D:jlGSma3IB7Q+KecaRIHEDvykHGHXXkP
Static task: static1
Behavioral task: behavioral1
Sample: 502b8c3ce7725c378b6fa51eb5313c083040904b4379222fdf69bc01652611d2.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 502b8c3ce7725c378b6fa51eb5313c083040904b4379222fdf69bc01652611d2.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Score: 10/10
Modifies firewall policy service
Modifies security service
Sets service image path in registry
Deletes itself
Unexpected DNS network traffic destination: Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Adds Run key to start application
Drops desktop.ini file(s)
Suspicious use of SetThreadContext