02b76d6db95283892ea197e9facbb6caba8961eacf895c38f1756886f010c82f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47e074748bc2524dadb7cbe2436b2736
Size

213KB
Sample

231226-bgc57ahhh2
MD5

47e074748bc2524dadb7cbe2436b2736
SHA1

d4abd105adeb7193347c656ab6385601c941e738
SHA256

02b76d6db95283892ea197e9facbb6caba8961eacf895c38f1756886f010c82f
SHA512

c222bb51ae9597a01aaf89aa5b3303cd295023483a8e714a8a594aaa8f1dc54916be1b76f03595afeadee332abd6503b796152b0e1dfe9961779937d7707cc8c
SSDEEP

3072:aJmgmR7tS/b/V2uXyEBr+msFwLNXs8qm8eicWjKZo285D4EVg:aIL+pjXyur+hFwL1Dz8eqOZo75D9V

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  47e074748bc2524dadb7cbe2436b2736
- Size
  
  213KB
- MD5
  
  47e074748bc2524dadb7cbe2436b2736
- SHA1
  
  d4abd105adeb7193347c656ab6385601c941e738
- SHA256
  
  02b76d6db95283892ea197e9facbb6caba8961eacf895c38f1756886f010c82f
- SHA512
  
  c222bb51ae9597a01aaf89aa5b3303cd295023483a8e714a8a594aaa8f1dc54916be1b76f03595afeadee332abd6503b796152b0e1dfe9961779937d7707cc8c
- SSDEEP
  
  3072:aJmgmR7tS/b/V2uXyEBr+msFwLNXs8qm8eicWjKZo285D4EVg:aIL+pjXyur+hFwL1Dz8eqOZo75D9V
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2