b4aeb2134f7a1ad5713e74686b8406b021cd991e2a0701dcf74b52f737aed07b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

060210cc7637d170e963a4873a03c103
Size

180KB
Sample

231225-fewxqsbdh5
MD5

060210cc7637d170e963a4873a03c103
SHA1

bddf8010fe6815056671d56cc1c3996155ff5953
SHA256

b4aeb2134f7a1ad5713e74686b8406b021cd991e2a0701dcf74b52f737aed07b
SHA512

3c1d3f06fbeccd9138f4533b9c93d8cf1cc6ad350cd134a193e71dd5c3254ec91b6a9c002d0e54a5d86e03fdb24f91347262f6f63aeb8b83c11b912ce24a1874
SSDEEP

3072:LDOGVDoOzGVv73HNYFg83zA8a7w/++ILFMKsvh4mMpA27RqpCwNLYpoAqQ:LDOAD3cdY53Ja7w/+ZLFhmMPQCWL9

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  060210cc7637d170e963a4873a03c103
- Size
  
  180KB
- MD5
  
  060210cc7637d170e963a4873a03c103
- SHA1
  
  bddf8010fe6815056671d56cc1c3996155ff5953
- SHA256
  
  b4aeb2134f7a1ad5713e74686b8406b021cd991e2a0701dcf74b52f737aed07b
- SHA512
  
  3c1d3f06fbeccd9138f4533b9c93d8cf1cc6ad350cd134a193e71dd5c3254ec91b6a9c002d0e54a5d86e03fdb24f91347262f6f63aeb8b83c11b912ce24a1874
- SSDEEP
  
  3072:LDOGVDoOzGVv73HNYFg83zA8a7w/++ILFMKsvh4mMpA27RqpCwNLYpoAqQ:LDOAD3cdY53Ja7w/+ZLFhmMPQCWL9
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2