46c0099e76be84e25aad5295ffdcf8c22cec83e16fd2e9a9e0d5058eef092399 | Triage

Sharing

General

Target

646202e3250419ef6b755d45e2a17c01
Size

172KB
Sample

231226-lmt11ahgbl
MD5

646202e3250419ef6b755d45e2a17c01
SHA1

19fb63e76bc14cee42731a854f1b793b3e559723
SHA256

46c0099e76be84e25aad5295ffdcf8c22cec83e16fd2e9a9e0d5058eef092399
SHA512

c33b105af9766d63920d3f41122ae4d88ec47960519524d307d14f3256e639353c8332556c5956490ca58febb824d9ce9c79a2bcf01a47821b95ad5baa4ba4de
SSDEEP

3072:Yx6DxN6EDAOlofpwZfziNBtKoFCS8z3Z5v7EqZBfLLLDfW9Xv6Gb0dc:tDxN6EDLsOxTvv73ZBS/6s

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  646202e3250419ef6b755d45e2a17c01
- Size
  
  172KB
- MD5
  
  646202e3250419ef6b755d45e2a17c01
- SHA1
  
  19fb63e76bc14cee42731a854f1b793b3e559723
- SHA256
  
  46c0099e76be84e25aad5295ffdcf8c22cec83e16fd2e9a9e0d5058eef092399
- SHA512
  
  c33b105af9766d63920d3f41122ae4d88ec47960519524d307d14f3256e639353c8332556c5956490ca58febb824d9ce9c79a2bcf01a47821b95ad5baa4ba4de
- SSDEEP
  
  3072:Yx6DxN6EDAOlofpwZfziNBtKoFCS8z3Z5v7EqZBfLLLDfW9Xv6Gb0dc:tDxN6EDLsOxTvv73ZBS/6s
Score

7^/10

persistence
- Deletes itself
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2