General
- Target: 0c7824fd2d1717ce83f2c7a6522047c4
- Size: 12.7MB
- Sample: 231230-dlntlahbak
- MD5: 0c7824fd2d1717ce83f2c7a6522047c4
- SHA1: 4849c18f94170bd876a2b0653763c04ebe61cfc4
- SHA256: 59b5b9da2fdcee0b843246228a6eace2de8e5f20a82e2ed7df64e78f657f8772
- SHA512: eae3dd61afae33e900953fb0bf4f1e994c4df8bf2c3d7ed3581a8e06801857373bc2cad25a518825c62b829eb61cc286169bf3cefc43f9b818ab937b24e7cf94
- SSDEEP: 24576:FjDuKnh7YzbKBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB5:Fnh
Static task: static1
Behavioral task: behavioral1
- Sample: 0c7824fd2d1717ce83f2c7a6522047c4.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 0c7824fd2d1717ce83f2c7a6522047c4.exe
- Resource: win10v2004-20231222-en
Malware Config
Extracted family: tofsee
- defeatwax.ru
- refabyd.info
Targets
Score: 10/10
Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)