General
-
Target
0acdbf6b25a91c5f4893e400e65e0496
-
Size
244KB
-
Sample
231230-cb6qzseghr
-
MD5
0acdbf6b25a91c5f4893e400e65e0496
-
SHA1
286543197ef5eab99694c4fdc9d809acb8ddfbf7
-
SHA256
33bd4d59ba1288db3680d2539ac5cff725741f7a075a9433a9312a7db931cc89
-
SHA512
588a08b822a87be0b5c4bf281113c29612f62447037df625d6a98620ad8cc3b2112566e31bf58b9807695b66d0d3e08a2534f5a5fc21ea23a2edb2183d25e23b
-
SSDEEP
3072:SH8cRYc70fvbtCiqTf0dYTaMd4fh6FDGeTWXXCwu6Jw7WmXSHAXgamyPDbM:SHTH0fv5dyDxYCwu6mH2AX1DM
Malware Config
Targets
-
-
Target
0acdbf6b25a91c5f4893e400e65e0496
-
Size
244KB
-
MD5
0acdbf6b25a91c5f4893e400e65e0496
-
SHA1
286543197ef5eab99694c4fdc9d809acb8ddfbf7
-
SHA256
33bd4d59ba1288db3680d2539ac5cff725741f7a075a9433a9312a7db931cc89
-
SHA512
588a08b822a87be0b5c4bf281113c29612f62447037df625d6a98620ad8cc3b2112566e31bf58b9807695b66d0d3e08a2534f5a5fc21ea23a2edb2183d25e23b
-
SSDEEP
3072:SH8cRYc70fvbtCiqTf0dYTaMd4fh6FDGeTWXXCwu6Jw7WmXSHAXgamyPDbM:SHTH0fv5dyDxYCwu6mH2AX1DM
Score10/10-
Modifies WinLogon for persistence
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-