7d4733843e9f8dfd03ec44d5516737ff2a26b400a3b7a396e3a2be0d732ca8bc | Triage

Sharing

General

Target

09eee7755e1cf4279ac29ada66dd0d82
Size

196KB
Sample

231230-bq1b3sccc5
MD5

09eee7755e1cf4279ac29ada66dd0d82
SHA1

30262f204da06370e290e533ab34ac94d4535452
SHA256

7d4733843e9f8dfd03ec44d5516737ff2a26b400a3b7a396e3a2be0d732ca8bc
SHA512

091ce6ebd7cc3d7c9de6b6798c42f3580cb7e7ebb2852f7a9631e12105064689b41d38c5bc993ea7f637e5000acddad4c934f87e602559c232607ba9e1e870f8
SSDEEP

3072:ApuAgBsUQxs7Lsu79NXbghxqLw7zbYGE70p6hCR4aIz3h3YmaWAIWXIzndBRv:eHgWdunLgrqLwzYVRsR23OmasWMdrv

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  09eee7755e1cf4279ac29ada66dd0d82
- Size
  
  196KB
- MD5
  
  09eee7755e1cf4279ac29ada66dd0d82
- SHA1
  
  30262f204da06370e290e533ab34ac94d4535452
- SHA256
  
  7d4733843e9f8dfd03ec44d5516737ff2a26b400a3b7a396e3a2be0d732ca8bc
- SHA512
  
  091ce6ebd7cc3d7c9de6b6798c42f3580cb7e7ebb2852f7a9631e12105064689b41d38c5bc993ea7f637e5000acddad4c934f87e602559c232607ba9e1e870f8
- SSDEEP
  
  3072:ApuAgBsUQxs7Lsu79NXbghxqLw7zbYGE70p6hCR4aIz3h3YmaWAIWXIzndBRv:eHgWdunLgrqLwzYVRsR23OmasWMdrv
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2