7cbb3a25ea393f3e590f9b26a6d02457d3c3fe6eed2c418bf1b389ac58c12a61 | Triage

Sharing

General

Target

071c5bee94a2368e9fec5e885f9f03ed
Size

180KB
Sample

231229-3lencsagh9
MD5

071c5bee94a2368e9fec5e885f9f03ed
SHA1

5783246d157b9c381e0ea501c22e628956eb99ee
SHA256

7cbb3a25ea393f3e590f9b26a6d02457d3c3fe6eed2c418bf1b389ac58c12a61
SHA512

a43de022e5b70d321296c112658a7dcb260222753d717b3fd6fa56725a4ca6515075a4d771eea626d199459e3104af297320379f37953ed96fb3eadc07cd45f0
SSDEEP

3072:d5MurQVx3VKUq+2cE9EOB3vd2oCO001kai/rZtFCYu+CwNLYToAq:vHrgVKUX2LFd2pO001kaMrNCY5CWLH

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  071c5bee94a2368e9fec5e885f9f03ed
- Size
  
  180KB
- MD5
  
  071c5bee94a2368e9fec5e885f9f03ed
- SHA1
  
  5783246d157b9c381e0ea501c22e628956eb99ee
- SHA256
  
  7cbb3a25ea393f3e590f9b26a6d02457d3c3fe6eed2c418bf1b389ac58c12a61
- SHA512
  
  a43de022e5b70d321296c112658a7dcb260222753d717b3fd6fa56725a4ca6515075a4d771eea626d199459e3104af297320379f37953ed96fb3eadc07cd45f0
- SSDEEP
  
  3072:d5MurQVx3VKUq+2cE9EOB3vd2oCO001kai/rZtFCYu+CwNLYToAq:vHrgVKUX2LFd2pO001kaMrNCY5CWLH
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2