02d1aed87366355321948056b3b3ebeb32b12d4db7423bae8b31d174d72d4da8 | Triage

Sharing

General

Target

4fa6c1c17e7c1296d9eef7676b948c46
Size

75KB
Sample

231226-dtzaaseccm
MD5

4fa6c1c17e7c1296d9eef7676b948c46
SHA1

27bdc174fa02ff18f4d5bafd622d46fdb9bd1b3f
SHA256

02d1aed87366355321948056b3b3ebeb32b12d4db7423bae8b31d174d72d4da8
SHA512

e5fa924db2facf47cd8ea14878c51be73dd81311d67aea05c3c5106817763e50d3d60667987ab76f98f6a0c2378c443fc99a4e526e093e81693548b282604d81
SSDEEP

1536:RGjac6lUu4sjBS28Ck89bcRobapREOm9FbOBWVe/bEw3BWF17xwhHKnLB8NhZg/3:RG+baBL30F11whqnNz/OB/q

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  4fa6c1c17e7c1296d9eef7676b948c46
- Size
  
  75KB
- MD5
  
  4fa6c1c17e7c1296d9eef7676b948c46
- SHA1
  
  27bdc174fa02ff18f4d5bafd622d46fdb9bd1b3f
- SHA256
  
  02d1aed87366355321948056b3b3ebeb32b12d4db7423bae8b31d174d72d4da8
- SHA512
  
  e5fa924db2facf47cd8ea14878c51be73dd81311d67aea05c3c5106817763e50d3d60667987ab76f98f6a0c2378c443fc99a4e526e093e81693548b282604d81
- SSDEEP
  
  1536:RGjac6lUu4sjBS28Ck89bcRobapREOm9FbOBWVe/bEw3BWF17xwhHKnLB8NhZg/3:RG+baBL30F11whqnNz/OB/q
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2