005114de7dbb96f5760c52285790698976f945f8c5b070b3a795afe1d85e8446 | Triage

Sharing

General

Target

35cd702424aa3cd283f58ede71e71c05
Size

198KB
Sample

231225-xhvmhsfadq
MD5

35cd702424aa3cd283f58ede71e71c05
SHA1

8fa9307e8f6f32a6a70a9816ff6b5d5e43a41912
SHA256

005114de7dbb96f5760c52285790698976f945f8c5b070b3a795afe1d85e8446
SHA512

bc25bf71a6b628b43da8e9b51fc4f5e90a64a91c0a0b1e55f60de0bb48163da7a56029455e4944f95c8476f88d0b4b169264a9aebba4b7d1556d884bc54b0ed8
SSDEEP

3072:vcMxYfsg+zIGKMJCiGo7IxUU5KkagzjV8v3K/j6IwigZxCVoaUpkvU:2U5Fdf7cQF4jVwU+HiMCVrCks

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  35cd702424aa3cd283f58ede71e71c05
- Size
  
  198KB
- MD5
  
  35cd702424aa3cd283f58ede71e71c05
- SHA1
  
  8fa9307e8f6f32a6a70a9816ff6b5d5e43a41912
- SHA256
  
  005114de7dbb96f5760c52285790698976f945f8c5b070b3a795afe1d85e8446
- SHA512
  
  bc25bf71a6b628b43da8e9b51fc4f5e90a64a91c0a0b1e55f60de0bb48163da7a56029455e4944f95c8476f88d0b4b169264a9aebba4b7d1556d884bc54b0ed8
- SSDEEP
  
  3072:vcMxYfsg+zIGKMJCiGo7IxUU5KkagzjV8v3K/j6IwigZxCVoaUpkvU:2U5Fdf7cQF4jVwU+HiMCVrCks
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2