0879e3a09538aaa80f1ce9f0a9f8627f21a0886f94f7759a17bba410948cfb08 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4890ac55f0ec5b68a45ad880c9a39e55
Size

194KB
Sample

231226-bm5gmahffn
MD5

4890ac55f0ec5b68a45ad880c9a39e55
SHA1

e1b4ee831075ba1b0dba1507dec340e2929f7da6
SHA256

0879e3a09538aaa80f1ce9f0a9f8627f21a0886f94f7759a17bba410948cfb08
SHA512

c2b1b239c83fed099f3516eaa8019bb03c05743a2a0aa4aba80844e15f3387a2f44e21a8e7776c4554ad79f82d75672ad93850833c4e427acfc7139d4b12cf21
SSDEEP

6144:yaaQdGnSlSD9CQNOuhUL7hJxlX1eK47Y:3FSDsn+UnhJxlt

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  4890ac55f0ec5b68a45ad880c9a39e55
- Size
  
  194KB
- MD5
  
  4890ac55f0ec5b68a45ad880c9a39e55
- SHA1
  
  e1b4ee831075ba1b0dba1507dec340e2929f7da6
- SHA256
  
  0879e3a09538aaa80f1ce9f0a9f8627f21a0886f94f7759a17bba410948cfb08
- SHA512
  
  c2b1b239c83fed099f3516eaa8019bb03c05743a2a0aa4aba80844e15f3387a2f44e21a8e7776c4554ad79f82d75672ad93850833c4e427acfc7139d4b12cf21
- SSDEEP
  
  6144:yaaQdGnSlSD9CQNOuhUL7hJxlX1eK47Y:3FSDsn+UnhJxlt
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2