44f105d64c55a8773bb2a9ede81646f8b79503ec15eea7560990fa132d79ef76 | Triage

Sharing

General

Target

fb3d344be065453c0cbe0d477b1c8fa8
Size

195KB
Sample

231228-1wzeeafcb8
MD5

fb3d344be065453c0cbe0d477b1c8fa8
SHA1

39f5f09feba7b5badec1063ae459fe0e0522b1e0
SHA256

44f105d64c55a8773bb2a9ede81646f8b79503ec15eea7560990fa132d79ef76
SHA512

011406d4ef23135300ec3f718a5b43300fdcc6bad0ec19c99623cd8a0bcee562efd0efcbf4881237652df31f88d9191bddd068ff2dbb4088d290e3464413926c
SSDEEP

3072:qJg93A/BYtsYUG214enxLQVYFKEtgU//r23uV13MBhIog+rMbZBOGSqszwQu5CiQ:b9Qp0lz2yceq//pM/I0rXN1wQu5Cp

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  fb3d344be065453c0cbe0d477b1c8fa8
- Size
  
  195KB
- MD5
  
  fb3d344be065453c0cbe0d477b1c8fa8
- SHA1
  
  39f5f09feba7b5badec1063ae459fe0e0522b1e0
- SHA256
  
  44f105d64c55a8773bb2a9ede81646f8b79503ec15eea7560990fa132d79ef76
- SHA512
  
  011406d4ef23135300ec3f718a5b43300fdcc6bad0ec19c99623cd8a0bcee562efd0efcbf4881237652df31f88d9191bddd068ff2dbb4088d290e3464413926c
- SSDEEP
  
  3072:qJg93A/BYtsYUG214enxLQVYFKEtgU//r23uV13MBhIog+rMbZBOGSqszwQu5CiQ:b9Qp0lz2yceq//pM/I0rXN1wQu5Cp
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2