General

  • Target

    93714270f4216954a6dfec6356485bfa63ef41dd3f9652dce407e9749b869b4e

  • Size

    223KB

  • Sample

    231208-3zpqgsfbc6

  • MD5

    ed324a12e5e9c4295820b27774d578fe

  • SHA1

    8886f54fd3bbb045f9f1e6dccb21267a4a72657a

  • SHA256

    93714270f4216954a6dfec6356485bfa63ef41dd3f9652dce407e9749b869b4e

  • SHA512

    f52e9cf86b0430ee31f5b53518bf7c625e3aeb80fb9efbb781468108dd00f9c243bcbd164badd62ef2b2a5ac59c4abadbb21b3c564318210ac0aa14e923c59c6

  • SSDEEP

    3072:pZ7wXfSRZ0ON/EwW66wN94xu4CkAZJM2k5D66L+NfGbVON2Nqi/6gS5UoWXHz72n:jwPSUONLNsuWA7koN+boRi9S6oiz72D

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15