31ca86832e3083bfa7215d45446478c8b22d0a2f3144b35e594f90d197957ab7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e8169bd0199567b1b87b319fedd0731
Size

173KB
Sample

231230-e4h7hadbfq
MD5

0e8169bd0199567b1b87b319fedd0731
SHA1

b6ae50be966bf428198123894c45b6bc8b2e06e5
SHA256

31ca86832e3083bfa7215d45446478c8b22d0a2f3144b35e594f90d197957ab7
SHA512

f2cac81147e8a0ed8de30e09659fda99abb4c944bc730ccc9b59ed63330860d9245cc9be838203850fa906e0777be0a6d741601f908d1886c1ce9de8ca8a4ecd
SSDEEP

3072:KikdYkPuXhgXpjaubweQb5u4dL5Lp2OG75engtD4GzXxNarGZmjMR0fGHXjBz:noYkPu8xaNNdZIOGFl4gMVfG3jB

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  0e8169bd0199567b1b87b319fedd0731
- Size
  
  173KB
- MD5
  
  0e8169bd0199567b1b87b319fedd0731
- SHA1
  
  b6ae50be966bf428198123894c45b6bc8b2e06e5
- SHA256
  
  31ca86832e3083bfa7215d45446478c8b22d0a2f3144b35e594f90d197957ab7
- SHA512
  
  f2cac81147e8a0ed8de30e09659fda99abb4c944bc730ccc9b59ed63330860d9245cc9be838203850fa906e0777be0a6d741601f908d1886c1ce9de8ca8a4ecd
- SSDEEP
  
  3072:KikdYkPuXhgXpjaubweQb5u4dL5Lp2OG75engtD4GzXxNarGZmjMR0fGHXjBz:noYkPu8xaNNdZIOGFl4gMVfG3jB
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2